The integration of your business and a third-party vendor is a pairing that demands cyber security tactics through comprehensive security monitoring. Businesses are in luck, because document tracking can help pave the path to mitigation.
At first look, organizations relish at the thought of a third-party adding value to their company or taking a task off their plate like electronic billing. These third-party services supply companies with business critical auxiliary services.
However, the use of a third party vendor does come with it’s fair share of risks. An attack on your data by means of a third-party is a substantial risk and concern that organizations must prepare for.
Only 52% of companies have security standards for third-parties.
Document tracking capability enables an organization to keep a handle on the interactions of data as well as where the data travels to. This is a safe security practice for organizations utilizing third-party vendors. By understanding all activity and interactions of your data, you can comprehensively protect it.
How dangerous can an outside vendor be? Let’s take a look.
What do the statistics say?
- 63% of data breaches are directly or indirectly related to third-party data breaches
- 2% of organizations place third-party vendor security a top priority
- Third-parties have to access many VPNs, networks, and platforms confirmed by 75% of organization leaders.
- 69% of companies say they definitely or possibly suffered a security breach caused by third-party vendor in the last year.
- The focus of organizations are on cost rather than security according to 64% of organizations that utilized third-party outsourcing.
- According to Opus & Ponemon Institute,“The survey also found that 42 percent of companies experienced cyber attacks against third parties that resulted in the misuse of their company’s sensitive or confidential information, an 8 percent increase from 2016.
- 34% of organizations can track the logins of their vendors.
What damage can a vendor cause?
We’ve heard of the Target data breach. A lesser known fact of this breach is that it was caused by a third party vendor; a HVAC vendor to be exact. The HVAC vendor had their credentials for Target’s data system compromised, which led hackers to Target’s data core. The hackers were able to gain control of Target’s POS and effectively steal 40 million debit and credit card account data.
That’s the case, and here’s how document tracking could’ve helped prevent this breach.
Document tracking (and overall data monitoring) can realize, notate and alert an organization of unauthorized POS and system access. As well as the PCI data being accessed and extracted from the company.
Let’s take an example of one of the most talked about data breaches in recent times, the Facebook and Cambridge Analytica cyber security scandal. At the time of the breach, Facebook’s third-party feature was collecting user data to create targeted political campaign without user permission. The issue within this breach is not that PCI or EPHI was stolen, but rather a major invasion of privacy ensued.
This is how document tracking could’ve helped.
Document tracking can be useful in this scenario if a company is unaware of data harvesting. Companies that seek out third parties to accomplish a task may discover through document tracking that more is occurring. Swift notification and response can halt a breach of consumer privacy, trust and data.
The Equifax data breach is yet another vendor caused breach that resonates with cyber attack conscious companies. In 2017, Equifax disclosed information of a massive data breach that exposed roughly 146 million accounts of PII and PCI.
Equifax has stated that the source of the attack is from a third-party web app software called Apache Struts 2 that was overdue for a patch. The vulnerability was exploited by hackers and subsequently resulted in millions of cases of stolen sensitive data.
This is how document tracking could’ve helped.
Tracking data movements and the amount of data can indicate something is amiss. It may be difficult to discern that your vendor is compromised and you are as well. With document tracking the movement of data is viewable and can notify an emergency.
The variables within these above breaches display the need for an actionable security plan incorporating monitoring tactics and controls. The security of third-parties data access and interaction directly correlates to your security, brand and success.
What is Document Tracking?
Document tracking is the security component necessary to protect your data and company. Determine who has access to your data and implement a least privilege policy (if appropriate). From there, monitor the interactions between third-party vendors and your data. Document tracking will generate a report containing information on:
- Who accesses data
- When the data is accessed
- Any changes, abnormal activity or attempts made to alter or access data
The document tracking ability can be configured to fit your policies. Some examples of the possibilities with document tracking are:
- Webpages visited
- Keystroke monitoring
- Outgoing emails
- Documents transferred to emails as an attachment, USB, Dropbox, Google Drive, etc.
- Documents printed
The goal of document tracking is to supply organizations with a view into what interactions vendors are making with your data. Are they accessing files to outsource for you or is someone transferring a few files a week to an unknown network? Document tracking gives you the metadata to protect your company from a third-party vendor caused attack.