You may find that your business relies heavily on the technical support provided by third-party hardware and software providers. But have you ever considered whether your vendors have direct access to your business’s internal IT network without having to gain permission from someone within your business? If you’re not sure of the answer, then it’s probably time to do some digging to find out. It’s possible that your vendors have access to your business’s sensitive data and devices.
As a follow-up question, do your vendors notify you when an employee leaves their company? Do you know if the employee’s departure was on good terms? Do you have procedures in place with your vendor to change vendor passwords when one of their employees leaves?
If you’re not asking these questions within your organization, then you should be. Many businesses and governments now allow their heating and cooling vendor to have a server set up or installed virtually within their networks. Any time a vendor has direct access to your network, there’s the potential for a security violation.
While this issue is an important one for all businesses to consider, the recent discovery that the Target breach was possibly caused by vendor credentials being obtained makes this an even more critical issue for businesses to tackle.
IT Network Security Tips
Here are some tips that you can employ to help ensure your business’s IT security:
- Secure your network by allowing vendors access only after they contact your business by phone and gain permission.
- Allow only a handful of specific individuals within your organization to give permission to allow vendor access to your systems.
- Use an agreed-upon password between you and your vendor(s) to help eliminate possible phone scams if a large support staff is involved.
- Configure firewalls to only allow certain IP address ranges to gain direct access.
- If your vendor insists that direct access to your network is needed, require them to supply a set of procedures that will be followed when an employee leaves the vendor’s company.
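One way to check these tips against your access records, as an added example that is not part of the original post: it flags vendor sessions that come from outside the approved IP ranges or that no authorized staff member approved. The vendor name, approver names, addresses and log records are constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Every value below is constructed for illustration (documentation IP ranges).
VENDOR_RANGES = {"hvac-vendor": [ip_network("203.0.113.0/28")]}
AUTHORIZED_APPROVERS = {"it.manager", "cfo"}  # the "handful" allowed to approve

# Phone approvals logged by staff: (vendor, approver, window start, window end).
APPROVALS = [
    ("hvac-vendor", "it.manager", "2024-03-04T09:00", "2024-03-04T12:00"),
    ("hvac-vendor", "receptionist", "2024-03-05T09:00", "2024-03-05T12:00"),
]

# Remote-access sessions: (start time, vendor account, source IP).
SESSIONS = [
    ("2024-03-04T10:15", "hvac-vendor", "203.0.113.5"),
    ("2024-03-04T23:40", "hvac-vendor", "203.0.113.5"),
    ("2024-03-04T10:30", "hvac-vendor", "198.51.100.77"),
    ("2024-03-05T10:00", "hvac-vendor", "203.0.113.9"),
]

def audit_session(start, vendor, source_ip):
    """Return the findings for one session; an empty list means compliant."""
    findings = []
    when = datetime.fromisoformat(start)
    # Firewall tip: the source must fall inside a range agreed with the vendor.
    if not any(ip_address(source_ip) in net for net in VENDOR_RANGES.get(vendor, [])):
        findings.append("source IP outside approved vendor range")
    # Permission tips: an approval must cover the session time...
    covering = [
        approver for v, approver, begin, end in APPROVALS
        if v == vendor
        and datetime.fromisoformat(begin) <= when <= datetime.fromisoformat(end)
    ]
    if not covering:
        findings.append("no phone approval covers this session")
    # ...and must come from someone allowed to grant vendor access.
    elif not any(a in AUTHORIZED_APPROVERS for a in covering):
        findings.append("approval given by unauthorized person")
    return findings

def audit(sessions=SESSIONS):
    """Return (session, findings) pairs for every non-compliant session."""
    results = [(s, audit_session(*s)) for s in sessions]
    return [(s, f) for s, f in results if f]

if __name__ == "__main__":
    for session, findings in audit():
        print(session, "->", "; ".join(findings))
```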
IT Audit Help
By following these few suggestions you can take the extra steps required to maintain the security of your organization’s critical data. If you need some additional advice and guidance, contact Rea & Associates. Our IT audit professionals can work with you to determine the strength of your IT systems and help you figure out what changes you might want to make.
Author: Joe Welker, CISA (New Philadelphia office)