Real World Risk Management Practical HR Resources
Are you a new user?

print   email   Share

Make Sure Your Contractor's Cybersecurity Weaknesses Don't Become Your Cybersecurity Weaknesses

Clearview AI, a facial recognition company that contracts with law enforcement agencies, recently announced that an intruder accessed its entire client list.

According to The New York Times, the organization has scraped three billion images from the internet, including from Facebook, YouTube, and Venmo. Law enforcement officials have turned to Clearview for help, particularly to identify the victims of child sexual abuse.

Clearview AI told customers that a third party "gained unauthorized access" to its list of customers; the number of user accounts those customers had set up; and the number of searches its customers have conducted. The notification said that no law enforcement agencies' search histories were compromised.

The organization stated that the intruder, which it did not call a hacker, had not breached its servers or compromised its systems or network. It said that it fixed the vulnerability that allowed the unauthorized access. Betsy Swan "Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen" (Feb. 26, 2020).


Unfortunately, your private data is only as safe as the cybersecurity protections of your contractors that store it.

Before contracting with a third party, examine their cybersecurity protections and policies. Only work with contractors that enforce cyber protections that are at least as stringent as your own.

It’s also important to only select contractors that access only the data they need to perform their role. Only work with contractors that recognize the responsibility of protecting private data. Show preference to solutions or partners that only need minimum access to your data. 

Finally, monitor the sharing of data with your contractors to make sure that they are only accessing what they say they are accessing. Create your own cybersecurity protections to keep contractors out of databases to which they should not have access. Make sure you have a way to protect private data from hackers when transmitting it to contractors.

Finally, your opinion is important to us. Please complete the opinion survey:

5G Networks Pose New Cyber Risks: What Steps Can Organizations Take To Lower The Threat?

5G networks are more vulnerable to cyberattacks, meaning organizations that use them must take additional precautions. We examine.

read more

Sharing Files Or Malware? Why Users Must Stay Vigilant Even When Collaborating

Systems experts think they may have found a flaw in Google Drive's file storage system that would allow hackers to download malware. Read how to avoid infection.

read more

Does Your Website Need To Be GDPR Compliant?

Organizations must make sure their data collection practices adhere, if required, to the E.U. guidelines. We examine.

read more

Strengthening The Weakest Link To Prevent Social Engineering Attacks

Twitter experiences a social engineering attack. We explain why training and strong policies can help strengthen your weakest security link.

read more