5 Ways to Prevent a Third-Party Data Breach
30Dec
Third party data breaches can be scary, and they are also frighteningly common and often harder to detect and recover from than a typical data breach. That’s why Sadoff has put together a list of 5 ways to prevent a third-party data breach. All of these taken together are still not going to 100% protect you, but they will go a long way. As we go through them, we will also tell you what Sadoff E-Recycling & Data Destruction is doing to prevent such a breach.
1. Carefully Vet Your Vendors
When you forge a relationship with another company, especially when there is going to be sharing of data involved—even data for destruction purposes—you want to make sure that the company you are working with is on the up and up.
This is just one of the reasons we recommend being cautious of so-called “free” e-recycling services. If a vendor seems too good to be true, they just might be. How every vendor is vetted will ultimately be different depending on the services they will be providing, but it’s good to start by ensuring they have industry-leading certifications in their field.
The Sadoff Solution:
At Sadoff, you could almost say that we vetted ourselves. With our intense certification processes including our R2 certification, we have already undergone the training, implemented the processes, and use the technology that ensures the ongoing safety of your data.
2. Take Inventory
You should maintain an inventory of all your vendors and what they have access to. This is supremely important because if you decide to cut ties with a vendor, then you know what access—if any—has to be revoked. If there is a third-party data breach, a well-maintained inventory like this will also make tracking down the culprit much easier.
The Sadoff Solution:
We of course encourage you to take inventory on your own, but we always will as well and we can even provide certificates of destruction for any drives that we destroyed to allow you to rest easy.
Read More: What Devices Can Cause a Data Breach?
3. Manage Privilege
Never provide more privilege than is expressly needed by a third party, even if they ask for it. Not only does this mean managing access to data but also managing privileges as well and removing access when it is no longer needed.
The Sadoff Solution:
We are never going to ask for more privilege than we need, and in most cases, our “privilege” comes down to you physically handing off your drives and data to us. If your drives are encrypted or password protected, we will not need those keys or passwords to complete the data destruction as we will never need to directly access any of the data on any drive.
4. Consider Fourth-Party Risk
Does your contractor contract with other contractors to get the job done? Many do, and if they do this whole system could break down. Ensure that any fourth party is disclosed and that those fourth parties are also vetted and don’t potentially also use another contractor.
The Sadoff Solution:
When you entrust Sadoff to destroy your data, you don’t have to worry about the fourth-party factor. We destroy all data in-house and onsite. We never contract out to fourth parties for either physical or digital data destruction. If you need to freight your devices to one of our facilities we can make the necessary arrangements to ensure that your data remains safe.
Categorized in: Data Security