Don’t Get Caught Without Cyber Security in Ann Arbor and Plymouth
Gone are the days when one entity was involved in cyber security in Ann Arbor and Plymouth or beyond. Recent legal action has highlighted cases where big corporations are being held accountable for the security missteps of their vendors. It seems that the tide is turning and regulators are coming after large organizations for cyber security issues. Large organizations are now starting to be focused on instead of those that may work for them with the reasoning that it’s their responsibility to ensure their vendors are practicing industry standards in cyber security. This begs the question of whether every organization could be held accountable for their vendors practices, even if they don’t truly know what that vendor may or may not be doing.
The first company to be addressed is Wendy’s. The fast-food giant suffered a data breach in early 2016 as a result of malware having infected some of its systems at a variety of locations. According to sources, the malware had been installed through the use of which had been installed through the use of compromised third-party credentials. As their internal investigation continued, it was found that more locations that previously thought were affected – up to 1,000. This shows something can impact locations across the country and means that cyber security in Ann Arbor and Plymouth is just as important as cyber security anywhere else. As a result of this breach, a lawsuit was filed by one of Wendy’s customers. The suit states that Wendy’s “breached their duties of loyalty, care and good faith” by “failing to implement and enforce a system of effective internal controls and procedures with respect to data security”; “failed to exercise oversight duties by not monitoring the Company and its franchisees’ compliance with federal and state laws [and] payment card industry regulations”; failing to make full disclosure of the effectiveness of the company’s data security policies and procedures, as well as of the scope of the data breach; and permitting the company to violate payment card industry data security standards, particularly with respect to the company’s Aloha point-of-sale system.” The suit was eventually settled; however it still shows that organizations can be held responsible for the third-party providers they work with.
The second recent case involving third-party vendors is a complaint and proposed agreement noted by the Federal Trade Commission in regard to BLU Products Inc., a phone manufacturer. The FTC alleges that the company failed to “implement appropriate security procedures to oversee a vendor’s security practices. The FTC proposes that BLU require people to opt-in and consent to the collection, sharing, and use of consumer information. The issue arose when a third-party vendor’s software transmitted personal information about consumers to the vendor’s servers without their knowledge or consent. Information that was transmitted including text messages, location, full phone numbers, contact lists, and more. While this issue wasn’t necessarily a nefarious security breach, it was something that’s being taken very seriously. With new regulations, like the General Data Protection Regulation in the EU, individual information is being treated more seriously. How information is used, distributed, and collected is being examined and regulations that protect consumers are in the works far and wide.
Finding a trusted partner to provide cyber security in Ann Arbor and Plymouth is the first step in making sure that your systems, and those of your third-party vendors, are in compliance with regulations. If you’re looking for IT help, contact CMIT Solutions. We’re committed to security and creating a right-sized solution for your business.