Working With a Third Party? Here’s What You Need To Know!
Have you ever spent weeks working with a colleague only to realize later that they don’t work for your organization? No, they aren’t an imposter; they’re a member of a third-party organization!
A third party is any organization or individual that provides goods or services but is not directly on your payroll. This could be someone from an outside accounting service, a custodian from a cleaning service that the organization hired, or even a consultant helping with process improvement.
Whatever or whoever they are, third-party contractors can be a vital part of your organization’s operations! However, there are additional rules and guidelines when working with third parties.
First Things First
Your organization will have its own rules and procedures that dictate how to interact with third-party contractors in addition to standard security practices. Cybercriminals target third parties because those parties often lack the high levels of security that larger organizations have in place but still have access to your organization’s systems.
Loose Files Can Travel For Miles
A contractor you work with may need access to files or information you control. Don’t grant access just because you were asked. Verify the reason for the request and make sure it is legitimate. For example, the maintenance team does not need access to accounting projects. Verify, verify, verify!
Generally speaking, contractors are reliable, trustworthy members of the team, but cybercriminals often view them as an easy way to sneak into your organization’s systems. So, be on the lookout for strange behavior when working with third parties. If you spot someone attempting to unnecessarily access systems, copying down sensitive information, or repeatedly requesting access to files they don’t need, you should alert your security team immediately.
Third parties are often necessary and can be vital to an organization’s operations, but they are also top targets of cybercriminals, so remember these tips:
Check your organization’s policies on working with contractors.
Don’t grant access to files without verifying the validity of the request and the identity of the requester.
Immediately report any suspicious or strange behavior according to your organization’s policy!
Eric began his career in healthcare, and he has been working in the IT field since 2006 when he graduated from Northern Illinois University. Eric specializes in Infrastructure, SQL and compliance: Licensing, HIPAA, GLBA and PCI.