How much do you trust the security of third-party vendors' remote access/VPN?

JOiseau

I read the results of a study by Trustwave that said 75% of data breaches were the result of security deficiencies introduced by third-party vendors responsible for system support, development or maintenance. Also disturbing was the fact that only 16% of companies manage to detect breaches on their own. What do you do to make sure third-party vendors aren't creating security holes that are putting your company at risk?

Topic: Security

Answers

2 total
dblacharski
Vote Up (2)

Not much, is the short answer to the question. Let me give you one reason why: stupid passwords for system logins. Ask anyone who has worked for a third party vendor if they ever used "admin" or "administrator" for passwords and logins. Bet a lot of them will admit that they have. And if that isn't bad enough, it isn't uncommon to use the same passwords for all their customers. That's right, so if a hacker gets one, they get them all. If you absolutely must allow remote access, I would at least insist on multi-factor authentication and that passwords of my choice be used.

jimlynch
Vote Up (3)

Perhaps the best idea might be to avoid using them, if at all possible. If you must use them then ask in advance what their security policies are and read them carefully before using their services.

A little research, carefully done, might save you a lot of security headaches later on. It's also good for companies to be held accountable in advance for their security policies. It lets them know that customers are interested and that they expect a certain high level of trustworthiness.
