Check your outsourcing contracts!
Is your IT managed or used by external service providers?
You allow access based on a contract between you and your partner. But when was the last time you reviewed these contracts? Are they still compliant? Are they aligned with current laws and regulations? Do they fulfill the new requirements of the General Data Protection Regulation? Do they require the use of modern technologies?
We have seen a lot of contracts, and they don't. If you see paragraphs like:
- “Any connection must be established via VPN.”
- “All access has to be documented by the service provider, the client may view the records after request.”
- “Any access component needs the latest security patches and virus scanner.”
- “Connections may be used only for the requested purpose.”
Delete them completely! They are worthless and do not deliver what they are meant to achieve: security, control, transparency. Write this instead:
- “Access is done via VISULOX.”
This gives you a guaranteed logical and physical split between untrusted client networks and the company network (a VPN does not, and it needs the latest security patches on both sides).
Access comes with built-in film documentation of who did what, in which way and when, and the file transfer is controlled.
The solution does not need any software component on the client or on your servers. It has existed for more than 10 years and is used in small and large enterprises worldwide.
VISULOX is a turnkey solution for controlling the access of privileged users, as required by the EU General Data Protection Regulation and other laws.
The Target case, “a chain is only as strong as its weakest link”
To see how important secure access for external providers is, you need only look at the “Target” case: the US retail chain Target suffered a major security breach when its store POS systems were hacked and compromised with malware that stole millions of credit card records, costing millions of dollars in insurance, new card issues and lower sales from bad publicity. In this case, the whole problem started when malware stole the credentials of one of the external providers, who had internal network connection rights, and those credentials were then used to spread across the internal server infrastructure. A solution like VISULOX could have prevented this problem: with features such as network split and two-factor authentication, the stolen credentials wouldn’t have presented such a high risk and the POS malware attack wouldn’t have taken place. See https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/ for more information on this case.