How Businesses Can Prevent Third-Party Data Breaches
Data breaches are making headlines nearly every day. As technology continues to advance faster than ever, organizations large and small are increasingly concerned about cybersecurity.
Getting to the root of a cyberattack is complicated and extremely costly for a business, which is why breaches can affect the economy significantly.
Everything from HVAC systems, environmental controls/energy management, and wireless networks are potential entry points for hackers to attack.
The effect of these cyberattacks can be devastating for your company. For instance, when manufacturers install their equipment in buildings, more than half the time they give building owners generic passcodes and logins so they can “securely” access this equipment, according to Jonathan Avery, president of Avery Associates, real estate appraisal and consulting company located in Acton, Mass.
The problem is that anyone can find these generic passcodes and login credentials just by doing an Internet search on the manufacturers and their equipment. That means if building owners don’t change the access credentials to that equipment, these third-party systems could provide open backdoors for cyberattacks, Avery said in an article in the New England Real Estate Journal.
A hacker who accesses a building’s management system, such as the lighting or HVAC system, can shut down the entire building. Then the hacker will send an email to the building owner demanding ransom to turn control of the building back over to management.
Additionally, once a hacker gains access to a building’s information systems, he can also steal the personal information of tenants and/or building owners through unprotected wireless networks or even through remote control building management systems, Avery noted.
Here are three tips to help you prevent third-party data breaches:
- Develop a vendor risk management plan – Don’t assess vendors using “ad hoc” methods, where each business unit has different standards and processes for selecting vendors. Such a decentralized approach makes companies vulnerable to vendors that have poor track records when it comes security. The first step to mitigating data risk is standardizing your vetting process across your organization. Then, develop a plan that’s uniform across every department and make sure that all your employees have access to the necessary documents and reporting mechanisms. Your plan should include: internal best practices for ensuring data security; the evaluation methods to assess potential vendors; and the criteria and standard requirements to select your vendors.
- Evaluate the potential security risks of third-party providers – Before you allow third-party vendors to access your systems, carefully research those providers to be sure there are no red flags. You should check to determine if they’re compliant with government rules and regulations; ask about their IT security practices and policies and how those policies are enforced; check to be sure their industry certifications are up to date; and talk to current customers to find out if they’re satisfied with the vendor’s services and the responsive of that company’s support team.
- Combining multiple software solutions – The fact is that the more apps you have, the more opportunities there are for your systems to be breached. But deploying a unified enterprise management software will cut down on the number of third-party software vendors that have access to your data – and fewer vendors means less time trying to find and resolve security issues.
The threat to building owners and managers from third-party vendors is real and it will increasingly affect the design, construction and operation of buildings in the future. Following these tips will help you protect your facility from disastrous cyberattacks.
- Subscribe to our blogto stay informed about the latest security news and insight.
- Stay up to date on security topics such as home alarm systems, business security systems, video surveillance systems, IP video networks, remote video monitoring, fire alarm systems, and fire alarm inspection.