In the RIA community, we can certainly learn from the Uber breach.
When you’re evaluating a third-party provider, it’s not enough to hear, “The data is encrypted.”
Vulnerability can start long before the data is encrypted.
Every portfolio management solution, rebalancing CRM, or backup company will tell you that their data is encrypted. But what happened before the data got encrypted? Every program must run under some authority that lets it access data; otherwise the program can’t do anything. So it doesn’t matter that the data is encrypted if someone had administrative rights to begin with, because admin rights provide access to everything.
Choose your vendors wisely
It’s your job to screen your vendors, because when a third-party vendor has an issue, it’s ultimately your issue. Do your due diligence. Start at the very beginning. When vetting any kind of third-party vendor, consider or ask the following:
It happens all the time. When auditing source code, major holes are often found that leave back doors for programmers. Without strict controls, you don’t know what a programmer has put in the code or shared. This is why, when any kind of development is done, auditing procedures must start at the beginning.
If Uber made this error, there are countless others who’ve done the same, because security wasn’t architected properly from the beginning.
Need help vetting vendors? At RSS, we will help you make secure decisions. Let’s talk.