The Year Of The Services Provider: 5 Ways To Avoid Security Breaches

By Chris Bucolo, Senior Manager, Partner Relations, Security & Compliance Practice — Sikich LLP

A new security breach seems to hit the news every week, and services providers must take proactive steps to make certain that they — or a partner provider — don’t unknowingly add an organization to the growing list of victims.

Unfortunately, a large percentage of breaches across all industries involve a third-party service provider. Here are a few steps service providers should address with their partners to decrease the risk of a customer security breach. These steps apply to any area of compliance or security focused on the protection of sensitive data, also known as personally identifiable information (PII):

1. Identify Players. Services providers must identify all of their partner providers that could impact the security of sensitive data in an organization’s ecosystem to ensure they leave no stone unturned.
    
2. Examine Processes. Providers should identify all of their processes related to the storage, processing, or transmission of sensitive data. Depending upon the size and scope of the provider, this may require assistance from a cross-functional working group, since sensitive data can find its way into the nooks and crannies of an organization and its services providers.

Below are a few provider/vendor types that often slip through the cracks during security audits:

1. outsourced call center provider
2. data storage entity
3. payroll service provider
4. email service provider
5. point of sale system (POS) vendor (consider remote access)
6. outsourced IT provider (consider remote access)

Please log in or register below to read the full article.