Companies use third parties to manage and process corporate information. This may be cost-effective, but it increases the risk that the corporate network will be hacked through back doors. Each third party lengthens the chain of access to company information.
Over 65% of breaches take place via third parties, and law firms are especially vulnerable. According to the American Bar Association’s 2016 Legal Technology Survey Report, over 25% of firms with over 500 lawyers said they experienced a breach. These breaches may result in the loss of valuable information and often the only remedy is to shell out large sums of money to retrieve lost data.
In 2015, Fortune published an article on a series of security breaches targeting law firm partners, in which hackers stole nearly seven gigabytes of data, the equivalent of tens of hundreds of thousands of emails. The incident was attributed to the Chinese government, though the motive was not disclosed. Despite using firewalls to guard their networks, law firms suffered data breaches, exposing serious vulnerabilities in the systems of the third parties the companies trust.
Takeaway: In Third-Party Data Breaches, John DiGiacomo recommends counteracting data breaches by limiting the third party's access to the network. Give the vendor access only where and when necessary. Use a service level agreement to specify the measures the vendor must provide, and request that the third party perform routine security assessments on its systems. Require an audit clause in the agreement so that the business can verify the third party's compliance with security protocols.