NJBIZ: Vendor Vexation: Third-Party Providers Can Open Door to Hackers

Lindabury’s Cybersecurity and Data Privacy Practice Group Co-Chair Eric Levine was recently interviewed by NJBIZ regarding the recent security lapse of a South Jersey physicians network which wiped out the password protection on a supposedly secure site.

Eric says, “A company that engages in thorough due diligence may be able to use that as a defense if it’s sued as a result of a third-party provider hack.”

“It’s important to deal with cybersecurity and other issues up front, especially when you’re dealing with a new vendor,” Levine said. “Consider the depth of access to your data that they need, too. If a firm is just providing you with paper products, they don’t need deep access to your data, so a cybersecurity audit may not be very important.

“But if it’s a payroll processor and employee benefits provider with access to your sensitive information like social security numbers, bank accounts or medical information, you want to make sure that some kind of cybersecurity audit and other concerns are addressed in your contract,” he added.

Proper internal training and company-wide communications are also important.

“Earlier this year, a New Jersey-based client in the professional services industry advised us their email server had been hacked,” Levine said.

No personal information appeared to be accessed, but the law firm alerted its employees.

“Later that day, our human resources director received what appeared to be a routine request for information from that client,” Levine said. “Normally she would have gone ahead and processed it, but because of the notification of the hack and in-house employee training she had just completed, she immediately contacted me, since I’m a lead contact for our firm’s Incident Response Team.”

Levine contacted the client, who said their company had not issued the email request. “So we deleted it, distributed another company-wide warning and celebrated the fact that we had avoided this attack,” he said.

You can read the full online text of the NJBIZ article here. (may require a subscription)

Published on:
Updated:

Comments are closed.

Contact Information