Article posted: Jun 29, 2017
By Joakim Thorén, CEO
The recent Republican National Committee (RNC) data breach took center stage on June 20, 2017 as a huge security misstep. In fact, it was called "the mother lode of all leaks" in a recent article in Business Insider.
Deep Root Analytics, a company contracted by the RNC to collect voter data and insights, is now a household name. That's not a good thing. The conservative data firm stored details of about 61 percent of the US population on an Amazon cloud server without even basic password protection. For two weeks. Multiple parties stole the data.
The leak was discovered by Chris Vickery at UpGuard and reflects a frightening trend of leaving sensitive data unprotected. As with most breaches, this one started because an employee did not follow a security protocol. Unfortunately, this is a common mistake that is easy to make but difficult to track, especially for businesses that employ third-party contractors to conduct the work.
How can an IT department put in place security measures that are strictly followed within and outside the organization when working with third-party vendors?
Here are five tips for creating policies that follow strict security procedures:
- Ask the third-party vendor for a full data security plan and discuss how the vendor will implement this plan.
- Schedule weekly IT meetings to ensure the plan is working and all security measures are taken seriously and diligently followed.
- Eliminate password-only protection as a method to secure sensitive data. Passwords are too easy to share, are often predictable and are easy to hack.
- Insist on multifactor identity and access management for all employees and third-party vendors. Carefully monitor access rights, and revoke access when employees leave the company.
- Encrypt sensitive data to ensure an added layer of protection.
The IT director or CIO can't be everywhere, but it's up to him or her to establish a security protocol that is easily followed within the organization and with third-party vendors. Some of the biggest breaches in recent history started with third-party contractor negligence. Companies like Target have lost millions of dollars and have had to overcome trust issues with customers. Losing money is one thing, but losing reputation is as bad or worse. And providing access to highly sensitive voter information is a matter of national security, as the RNC just discovered.