Sunday, December 14, 2014

EXCLUSIVE: The Top 10 Items Missed During an Audit (Article 3 of 10 in a series)

This is an exclusive provided by SLC Security Services LLC, the leader in Medical, Compliance and DOD Auditing Solutions.

Number 10 on the list is attacks on your Disaster Recovery Plan or on third parties that handle your data. We are seeing more and more third-party vendors of large companies expose them to compromise because no standards are in place and the third parties you share data with are never audited.

Target is a perfect example: their air conditioning contractor failed to secure its network, and malware was introduced via that path. Businesses often open firewalls to vendors without auditing or verifying what data moves through those trusted connections. Here are some recommendations to prevent a hacker from jumping through one of your third-party vendors and gaining access to unauthorized resources.

1. Even though a vendor may be "trusted", they should only be trusted on particular systems, and those systems should not reside on your internal network. Host that data in a separate network segment where you can introduce DLP or monitoring protections such as IPS and IDS, and make sure you are alerted if any attempts are made to access resources other than the destinations you have authorized.

2. Grant the least access required. Open only the single IP address and the specific services needed in your firewall; never give a vendor blanket access to resources on your internal networks.

3. ENCRYPT YOUR DATA as it leaves your network. Ensure that any information that is taken is encrypted. This prevents anyone other than your vendor from accessing data they are not authorized to view. Use time-based encryption so that the keys are generated and discarded daily, using security devices made for this purpose.

4. Require two-factor authentication to view or access systems. Sure, it may be inconvenient, but so is losing your customer base to hackers.

If possible, use hardware-based network cards (Intel makes a great solution) that allow only one device on your customer network to access only the single device on your internal network that it requires to carry out authorized functions and processes.

Another great idea is to use an endpoint firewall solution.
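Recommendations 1 and 2 above amount to a simple policy: each vendor source address may reach exactly one internal host and service, and anything else should raise an alert. The following script is an added example (not from the original article or from SLC Security) that applies such a policy to constructed netfilter-style firewall log lines; the vendor addresses, internal hosts and ports in it are hypothetical placeholders.

```python
# Added example: flag vendor traffic that strays outside the single
# destination/service each vendor is authorized for.
import re
from typing import Dict, List, Set, Tuple

# Hypothetical policy: vendor source IP -> set of (destination IP, port) it may reach.
# Mirrors recommendation 2: one address, one service, nothing else.
AUTHORIZED: Dict[str, Set[Tuple[str, int]]] = {
    "203.0.113.10": {("10.20.0.5", 443)},   # HVAC vendor -> building-management host
    "198.51.100.7": {("10.20.0.9", 22)},    # backup vendor -> SFTP gateway
}

# Extracts SRC, DST, PROTO and DPT fields from a netfilter LOG line.
LOG_RE = re.compile(r"SRC=(\S+) DST=(\S+) .*?PROTO=(\S+) .*?DPT=(\d+)")


def check_vendor_traffic(log_lines: List[str]) -> List[str]:
    """Return one alert per log line in which a known vendor address
    reaches a destination/port outside its authorization."""
    alerts = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a firewall LOG line we understand
        src, dst, proto, dpt = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if src not in AUTHORIZED:
            continue  # not a tracked vendor; other controls handle it
        if (dst, dpt) not in AUTHORIZED[src]:
            alerts.append(f"vendor {src} -> {dst}:{dpt}/{proto} not authorized")
    return alerts


# Constructed sample lines in netfilter LOG format (not real traffic).
SAMPLE_LOGS = [
    "kernel: VENDOR-DMZ IN=eth1 OUT=eth0 SRC=203.0.113.10 DST=10.20.0.5 LEN=60 PROTO=TCP SPT=51000 DPT=443",
    "kernel: VENDOR-DMZ IN=eth1 OUT=eth0 SRC=203.0.113.10 DST=10.20.0.50 LEN=60 PROTO=TCP SPT=51001 DPT=445",
    "kernel: VENDOR-DMZ IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=10.20.0.9 LEN=60 PROTO=TCP SPT=40000 DPT=22",
    "kernel: VENDOR-DMZ IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=10.20.0.9 LEN=60 PROTO=TCP SPT=40001 DPT=3389",
    "kernel: VENDOR-DMZ IN=eth1 OUT=eth0 SRC=192.0.2.99 DST=10.20.0.5 LEN=60 PROTO=TCP SPT=1234 DPT=443",
]

if __name__ == "__main__":
    for alert in check_vendor_traffic(SAMPLE_LOGS):
        print(alert)
```

Run against the sample lines, it reports the HVAC vendor's attempt on SMB (445) and the backup vendor's attempt on RDP (3389) while leaving the two authorized flows alone.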

If you would like to audit your third party vendors contact SLC Security at (919) 441-7353 to schedule an audit.
