Ossian Law P.C.
IT Law Alert November 4, 2014
Managing Vendor Cybersecurity Gaps: Every week, we hear of another major retailer or financial institution experiencing a data breach. Your organization may take reasonable and appropriate measures to secure data and protect your network, however, your vendors may have gaps in their cybersecurity practices.
Recently, both Snapchat and Dropbox were “hacked” but both companies quickly pointed to third party applications as the source of their users’ breached log in credentials. Dropbox later stated that the problem actually resulted from users employing the same passwords across multiple sites rather than any particular third party app breach.
Last month, regulators in New York advised banks to focus on the “sufficiency of cybersecurity controls of their third-party service providers.” The state has not yet issued new regulations around service provider security practices, but asked financial institutions to disclose the policies and procedures that govern their service provider relationships.
Awareness and management of vendor cybersecurity practices is becoming more and more important.
For more information on the NY regulators’ inquiries, click here.