Article posted: Aug 09, 2017
By Adam Bostwick, Versasec
It's happened again: A third-party contractor has been deemed responsible for the latest highly publicized data breach. This time the company hit was Anthem, where a contractor has been charged with emailing a document containing more than 18,500 Anthem members' information to his personal email address. This information included Medicare ID numbers containing Social Security numbers, Health Plan ID numbers, as well as Medicare contract numbers and enrollment dates.
What may be surprising is that the breach is Anthem's second in as many years. The company has already agreed to pay $115 million to settle a class-action lawsuit over its 2015 data breach, which resulted in the theft of the personal information of 80 million members and employees.
A recent CIO Dive article identifies third-party employee negligence and information theft as a growing concern for organizations and states that it's very difficult to manage these necessary third-party employees. But is it?
Identity and access management technologies have been deployed for the past 25 years in government, banking and general industry with much success in providing two-factor authentication points to limit insider threats. Two-factor authentication combines something you have, such as a smart card, token or virtual smart card, with something you know, such as a PIN code or password.
Why can't organizations insist that third-party contractors use identity and access management technologies to improve security?
Actually, they can and are doing just that. More and more companies of all sizes are requiring that third-party contractors employ higher-standard security practices. For example, a large German auto manufacturer required its third-party vendors to use two-factor authentication or lose their contracts with the auto manufacturer.
As the Anthem breach and others show, data breaches are on the rise, and those from DDoS attacks or malware are difficult to predict and prevent. Data theft from an internal company source, whether it's a paid contractor or full-time employee, is largely preventable. In a recent blog post, Versasec CEO Joakim Thorén provided 5 top security tips for managing security within and outside an organization. Read more about it at https://versasec.com/blog/rnc-breach.
To learn more about how Versasec is managing the latest multifactor identities for organizations and their third-party contractors, visit https://versasec.com/products.php.