Data Privacy & Security Service Digital Digest_Spring 2019

Reasons why you should manage your third-party security better in 2019

Vetting third parties and monitoring them for cyber gaps is getting increasingly difficult. Hackers are more creative and effective in breaching data and the number of third parties employed by organizations has risen from 378 in 2016 to 588 in 2018.

know how and with whom it is being shared. Using an automated third- party security management system regulates and continually evaluates third parties for compliance.

New regulations are on the way, and the penalties for not complying are becoming more significant. Many states are regulating data privacy rights, so citizens know what data is being collected about them, are guaranteed the right to edit and access this data, and have the right to

Use this link to read more on this issue.

Why many organizations still don’t understand cybersecurity

The overall assessment is that most leadership/ management under-invests in cybersecurity. They tend to think of cybersecurity as a finite problem that can be solved rather than an ongoing process that must constantly be addressed.

The focus should be risk management, not risk mitigation.

For some case studies of organizations taking the lead, check out this link.

Comptroller’s Corner

Cybersecurity weaknesses are commonly cited in NYSED school districts IT audits conducted in 2018 and 2019. A New York State school district was cited in a 2019 information technology audit for not adopting “adequate security policies and procedures to safeguard IT assets.” The school district was also cited for not providing information technology

security training to employees.

Recommendations included: • Adopt comprehensive IT security policies, procedures and plans to safeguard IT assets and data.

• Provide periodic IT security awareness

training to personnel who use IT resources.

Made with FlippingBook - professional solution for displaying marketing and sales documents online