Real World Risk Management Practical HR Resources
welcome
Are you a new user?
REGISTER HERE





RETRIEVE PASSWORD
print   email   Share

Make Sure Your Contractor's Cybersecurity Weaknesses Don't Become Your Cybersecurity Weaknesses

Clearview AI, a facial recognition company that contracts with law enforcement agencies, recently announced that an intruder accessed its entire client list.

According to The New York Times, the organization has scraped three billion images from the internet, including from Facebook, YouTube, and Venmo. Law enforcement officials have turned to Clearview for help, particularly to identify the victims of child sexual abuse.

Clearview AI told customers that a third party "gained unauthorized access" to its list of customers; the number of user accounts those customers had set up; and the number of searches its customers have conducted. The notification said that no law enforcement agencies' search histories were compromised.

The organization stated that the intruder, which it did not call a hacker, had not breached its servers or compromised its systems or network. It said that it fixed the vulnerability that allowed the unauthorized access. Betsy Swan "Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen" thedailybeast.com (Feb. 26, 2020).

Commentary

Unfortunately, your private data is only as safe as the cybersecurity protections of your contractors that store it.

Before contracting with a third party, examine their cybersecurity protections and policies. Only work with contractors that enforce cyber protections that are at least as stringent as your own.

It’s also important to only select contractors that access only the data they need to perform their role. Only work with contractors that recognize the responsibility of protecting private data. Show preference to solutions or partners that only need minimum access to your data. 

Finally, monitor the sharing of data with your contractors to make sure that they are only accessing what they say they are accessing. Create your own cybersecurity protections to keep contractors out of databases to which they should not have access. Make sure you have a way to protect private data from hackers when transmitting it to contractors.

Finally, your opinion is important to us. Please complete the opinion survey:

Strengthening The Weakest Link To Prevent Social Engineering Attacks

Twitter experiences a social engineering attack. We explain why training and strong policies can help strengthen your weakest security link.

read more

Are Your Employees Ransomware Ignorant?

A new survey suggests that many employees don't know what ransomware is or how to avoid it. Read tips for protecting your organization and its data.

read more

New Vulnerabilities Are Emerging: Addressing Multi-Vector Attacks Now Is Important

Cybercriminals are using more sophisticated techniques, including attacking Macs and multi-vector attacks. Learn what steps can prevent such attacks.

read more

Cyber Awareness Leads To Better Cybersecurity

Employers must stress cybersecurity practices for teleworking employees. We examine.

read more