A 2019 Ponemon Institute report found that over half of all data breach incidents in the U.S. are a result of unauthorized third-party access and on average, cost an organization $73 million. Several of the past year’s most notable breaches were a direct result of third-party access.
In June 2019, tens of thousands of images from the U.S. Customs and Border Protection (CBP) Agency were stolen when a subcontractor transferred the images to their own network, which was subsequently hacked. In another 2019 third-party breach, personal data of almost 12 million patients was compromised when an unauthorized user gained access to Quest Diagnostics’ sensitive data via a billing collections vendor named American Medical Collection Agency (AMCA).
Losing data to breaches puts businesses at a competitive disadvantage and can impact them in unforeseen ways. Along with 46% of organizations who are worried about financial loss, the recent Securing the Digital Workplace: Cloud Industry Outlook 2019 report indicates that when it comes to a data breach…
- 47% are most concerned with the loss of customer trust.
- 42% fear reputational damage.
- 33% are afraid of customer loss.
- 33% worry about penalties by regulatory bodies.
- 29% are concerned with mitigating loss across a multi-cloud environment.
Given the escalating frequency of third-party breaches, organizations must increasingly weigh the risk of sharing data with key partners against core business needs, which in today’s fast-paced digital workplace is paramount to success. Unfortunately, given the proliferation of third-party data breaches and the current cyber threat environment, hoping partners “do the right thing” and prioritize security to adequately protect data from increasingly sophisticated threats simply is not enough. Organizations must take proper precautions to ensure that they remain in control of their data, at all times, no matter where it is shared.
The Power Lies in the Hands of the Data Controller
As a recent Washington Post article points out, data is a form of power. For marketers, data gives them the power to successfully target ads, for politicians, the power to reach a key demographic, and for organizations like yours, the power to drive innovation and growth. But that power can easily end up in the wrong hands in the event of a data breach.
When it comes to protecting your organization’s most sensitive information and retaining power (remaining in control of your data), privacy and security must be synonymous. After all, without a data security program in place, you’re putting your privacy at risk. Why?
Because 54% of organizations are sharing data more frequently than they were one year ago. Yet, only 36% of organizations feel “completely prepared” to react to a breach. All it takes is one weak link in your supply chain to expose your data. Therefore, preventing unauthorized third-party access is the key to data privacy in today’s age of the breach. Here’s how to do it.
Preventing Unauthorized Third-Party Access to Sensitive Data
To ensure true privacy, steps must be taken to prevent third-party access. Considering that 51% of data sharing occurs via email and 60% of organizations are also using cloud file storage systems, such as Google Drive, DropBox, and iCloud, two of the most essential features to look for in your privacy management solution are client-side, end-to-end encryption and flexible key management capabilities.
Reinforce your cloud email provider’s native encryption with a third-party app that provides end-to-end, data-centric, client-side encryption. This ensures that all unauthorized parties—including both bad actors and the cloud vendor itself—are not able to access your most sensitive data. Implementing client-side encryption closes the loophole of third-party access. For example, if you send product specifications to a vendor as a Gmail attachment, protecting that attachment with end-to-end encryption ensures that even if the vendor is hacked, your data is still private and secure.
Encryption Key Management
After implementing end-to-end protection, next, consider how your encryption keys are managed. Just as you wouldn’t store your house keys right next to your front door, you should consider separating your encryption keys from your encryption provider. Unless you trust how your keys are managed, encryption is virtually useless. Cloud providers, themselves, don’t give you complete control over your data and how it’s protected. Find a complementary technology solution that gives you this control by owning your encryption keys. By hosting the keys yourself, you eliminate the fear associated with third-party access to your data.
Privacy Powers Innovation and Growth
Protecting data from unauthorized third-party access is key to preserving privacy, yet multi-cloud environments and digital sharing workflows often leave private data at risk of exposure. Alongside new regulations, such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), privacy is now a critical business and social issue.
Aside from the obvious—better preparing your organization to react in the event of a breach—organizations that take a leading-edge approach to privacy have a crucial competitive advantage in this new landscape.
To learn more about how Virtru helps accelerate privacy initiatives with data-centric protection and persistent controls that prevent unauthorized access, get in touch with one of our data privacy experts.