When seeking out a third-party vendor for specialty services for your business, be sure to ask about their security measures including password strategy, network security, and data storage strategy.

In light of the recent Hollywood hackings by the Dark Overlord, the question of online security arises yet again. (Not that we are complaining about the possibility of the new season of Orange is the New Black arriving early.) What’s different about this recent incident is that this hack was not due to the security failures of the big production companies. The data was extracted from a third-party vendor that was trusted with the materials to make specialty edits on the footage. In this case, it was audio.

As the complexities of the digital age present a greater need for outsourcing to specialized third-party vendors on various projects, it’s becoming increasingly important to vet these organizations for their security standards on top of vetting them for your project. In order to keep your data safe and your project away from the dangers of being sabotaged, here are a few things to consider when searching for your next vendor.

At First Glance

The easiest way to tell if a company is operating with security in mind is by simply looking at their website. A Secure Sockets Layer (SSL) certificate is the first step to providing a safe environment for users to browse a website. It lets the web server and the browser set up an encrypted connection, so data passes between them privately. This is especially relevant for websites that collect personal information such as addresses or credit card numbers.

This feature is becoming increasingly important to have on any website to build trust with users and keep everyone surfing safely. In fact, Google is taking steps to ensure that more people are getting SSL certificates by labeling websites without them as non-secure in the search results feed and Chrome browser.

So how can you tell if your vendor’s website is operating safety-first? Most browsers, and especially Google Chrome, will show HTTPS instead of HTTP in the URL as well as a lock icon that’s labeled secure. If you see both, you can rest assured that your potential vendor is taking the first steps to keeping data safe online.


Diving Deeper

Because hacking incidents are happening so often these days, it’s absolutely appropriate to ask your potential vendor about their data storage habits and security measures. It’s important to find a vendor that treats their own data with care as well as their clients’ data. Here are a few security practices you may want to discuss with your next potential partner:

What Is Their Password Strategy?

Most successful hacking attacks happen because people settle for simple passwords, oftentimes repeated across multiple logins. Imagine if someone managed to guess that your Facebook password was your dog’s name followed by your birth year, then decided to check a few bank logins. Things could get ugly pretty quickly. Now imagine that your third-party vendor used the same method to protect the valuable data you’ve shared with them. Starting to worry?

A rule of thumb is to avoid any password elements that are personal (e.g. year of birth, street address, wife’s maiden name) while still keeping them complex. Instead, use a unique collection of randomized characters or words. Sites such as Strong Password Generator can help with this. Alternatively, coming up with a randomized sentence complete with punctuation works too: “Strong cats can’t mow lawns!” or “Don’t forget, pigs love glitter.” Silly, I know, but if it’s memorable and complex while also being random, it can be a great security measure to take.
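The difference between a personal-pattern password and a randomized passphrase can be put in numbers. The Python sketch below is an added example, not part of the original article; the candidate counts (1,000 pet names, 100 birth years), the 7,776-word list size and the sample word list are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed sample list for the demo only. A real word list with several
# thousand entries is an assumption you supply yourself.
SAMPLE_WORDS = ["strong", "cats", "mow", "lawns", "pigs", "love", "glitter",
                "forget", "river", "candle", "orbit", "maple", "tunnel",
                "violin", "harbor", "pepper"]


def pattern_bits(*candidate_counts):
    """Bits of guessing work for a password built from guessable parts,
    e.g. (pet names worth trying, plausible birth years)."""
    return sum(math.log2(count) for count in candidate_counts)


def passphrase_bits(list_size, n_words):
    """Bits of entropy for n_words drawn uniformly at random from a list."""
    return n_words * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, n_words, sep=" "):
    """Pick words with the OS CSPRNG (secrets), never random.choice."""
    if len(set(words)) < 2:
        raise ValueError("word list needs at least two distinct words")
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    # Assumed attacker dictionary: 1,000 pet names x 100 birth years.
    print(f"dog name + birth year: {pattern_bits(1000, 100):.1f} bits")
    # Assumed 7,776-word list, four random words.
    print(f"4 random words:        {passphrase_bits(7776, 4):.1f} bits")
    print(f"words for 64 bits:     {words_needed(7776, 64)}")
    # The 16-word sample list gives only 4 bits per word; demo output only.
    print("sample passphrase:     ", generate_passphrase(SAMPLE_WORDS, 5))
```

Every extra bit doubles the guessing work, so the roughly 35-bit gap between the two approaches matters far more than the raw numbers suggest.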

In your security discussion with your vendor, you won’t necessarily want to find out what strategy they use, because that’s a security breach in itself, but you should be able to feel secure knowing that they do have a strategy in general. If they use resources like Strong Password Generator or LastPass, you can expect their accounts to be secure and your information to stay safe.

Is Their Network Secure?

Even with a solid password strategy, hackers are able to find back doors to files through internet networks. If your vendor makes a habit of working on shared or public networks such as coffee shops or co-working spaces, their network may not be as secure. They don’t have control over the network settings of those particular networks, and therefore cannot provide a true guarantee. If the vendor works on their own private network, there are a few questions about the set-up that can reveal any additional weaknesses.

A firewall is designed to block unauthorized access to a private network by strangers or potential threats. It can be set up through software, hardware, or a reinforced combination of the two. It is considered the front line of defense against hackers trying to tap into a secure network. Again, without being too specific, this is an important factor that could make or break the security of your project and should be discussed in the vetting process.

What Do They Outsource?

Yes, it’s true – even the companies that you outsource to have to outsource some of their own processes. The biggest outsourcing threat to your information would come in the form of outsourced storage. If they’re sending their own data to a cloud or off-site data farm, it’s likely your data will be wrapped up in that. Make sure you are aware of their method of storage and the security measures they’ve taken around that process, including vetting of the company and a solid password strategy for access.

Even if they are storing their data on-site, you’ll still want to be sure that there is a trusted staff member who actively maintains the security and overall health of the data server they use. This includes making sure that it is accessible by password only, behind the network firewall, and possibly even keeping the equipment itself locked up. It’s a bonus if they encrypt all of their data!

Is Their Storage Centralized?

For optimal security, it’s smart to make sure that not all of your data is stored in one place. If your storage method is breached, all of the information you are working so hard to keep safe could be in jeopardy. Another rule of thumb is to store data in various places with their own security settings so that your metaphorical eggs are not all in the same basket if the basket ever does get tipped over.

Keep in mind, there are some talented hackers out there who will try to overcome any obstacle you set in their way, but it’s your responsibility to put your vendors through due process on their security measures when considering them as a partner. Bookmark this article before your next meeting and you’ll walk away feeling more confident that you’ve made the right choice.

TL;DR

When seeking out a third-party vendor for specialty services for your business, be sure to ask about their security measures including password strategy, network security, and data storage strategy.

May 5, 2017 in Article