How much do you trust the security of third-party vendors' remote access/VPN?

JOiseau

I read the results of a study by Trustwave that said 75% of data breaches were the result of security deficiencies introduced by thrid-party vendors responsible for system support, development or maintenance. Also disturbing was the fact that only 16% of companies manages to detect breaches on their own. What do you do to make sure third-party vendors aren't creating security holes that are putting your company at risk?

Topic: Security
Answer this Question

Answers

2 total
jimlynch
Vote Up (9)

Perhaps the best idea might be to avoid using them, if at all possible. If you must use them then ask in advance what their security policies are and read them carefully before using their services.

A little research, carefully done, might save you a lot of security headaches later on. It's also good for companies to be held accountable in advance for their security policies. It lets them know that customers are interested and that they expect a certain high level of trustworthiness.

dblacharski
Vote Up (6)

Not much, is the short answer to the question. Let me give you one reason why: stupid passwords for system logins. Ask anyone who has worked for a third party vendor if they ever used "admin" or "administrator" for passwords and logins. Bet a lot of them will admit that they have. And if that isn't bad enough, it isn't uncommon to use the same passwords for all their customers. That's right, so if a hacker gets one, they get them all. If you absolutely must allow remote access, I would at least insist on multi-factor authentication and that passwords of my choice be used.

Ask a question

Join Now or Sign In to ask a question.
Almost 500,000 patient records have been hacked from the servers of the Harley Medical Group, the plastic surgery firm which has clinics across the UK.
Security researchers have found that many satellite communication systems have vulnerabilities and design flaws that can let remote attackers intercept, manipulate, block and in some cases take full control of critical communications.
The U.S. commercial drone industry is still struggling to get off the ground more than two years after President Obama signed into law a bill that permits the civilian use of unmanned aerial vehicles (UAV) over the country's airspace.
Sure, you’ve changed a bunch of passwords, but are you doing all you can to protect yourself?
About 2.6 million payment cards at Michaels Stores and another 400,000 at subsidiary Aaron Brothers may have been affected in a card skimming attack that compromised its point-of-sale systems, the retailer said Thursday.
National security may be at stake as private businesses try to manage a growing number of cyberthreats, but IT professionals shouldn't have to bear that burden alone.
Worried about how the Heartbleed vulnerability may affect your personal accounts? A new tool may be of help.
Whether it's the first time you've picked up an iPad or the seventeenth time you've pulled out your iPhone today, there are probably still some iOS 7 features and functionality that you're not familiar with. Don't sweat it: We're here to help. We've collected some of our favorite and most useful tips and compiled them here, just for you.
The Tor Project has flagged 380 Tor relays vulnerable to the critical Heartbleed flaw to be rejected from the Tor anonymity network, reducing the network's entry and exit capacity.
Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

White Papers & Webcasts

See more White Papers | Webcasts