3rd Party Providers

Let me start with an old bugbear of mine: Outsourcing!

Outsourcing some business function allows organisations to concentrate more on core business activities and when implemented strategically, can ultimately result in better productivity, profits, shareholder dividends and more. Outsourcing to third party providers that specialise in those core business systems and provide the service at a competitive price can be a good option for many organisations. Staff costs alone can be significantly reduced. The problem is (and the question I have always had) - what is the compromise?

It used to be quality of service. A third party might not give you the same level of service you had previously and have come to expect, just make a support call to Telstra or Optus or iiNet and you’ll quickly see what I mean. But more scarily, what guarantees do we have that they are doing at protecting our privacy and data?
Clearly, they’re not all doing so well.

What does that mean for us? We don’t have a choice which 3rd parties our accounts go through, who our data is shared with or even where it is stored.

Cybercriminals are increasingly sophisticated, shifting their focus from direct assaults on well-defended organizations to exploiting their trusted partners. These "supply chain attacks" leverage a single point of entry within a vendor's system to gain unauthorized access to multiple, often larger, client networks. This trend is alarming, with figures showing a dramatic surge in such incidents over the past few years. 

As a consumer, it’s frustrating to feel like your data is at risk due to a company's third-party providers, especially since you have no direct control over their security practices. 

However, there are definitely proactive steps you can take to minimize your exposure and protect yourself:

1. Be Mindful of What You Share (and Where):

• Data Minimization: Before signing up for a service or making a purchase, consider if you really need to provide all the information requested. Many forms ask for optional details. If it's not essential, don't provide it.
• Review Privacy Policies: While they can be lengthy, try to skim privacy policies for key information. Look for sections on data sharing with third parties, data retention periods, and how they protect your information. If a policy is vague or doesn't seem to prioritize your privacy, consider if you truly need to use that service.
• Limit Account Creation: Do you really need an account for every single website you visit? If it's a one-off purchase, consider using a guest checkout option if available to avoid creating a persistent data profile.

2. Strengthen Your Own Digital Hygiene:

• Strong, Unique Passwords: This is paramount. Never reuse passwords across different accounts. Use a strong, complex password (a mix of uppercase, lowercase, numbers, and symbols) for each service. A password manager can help you manage these securely.
• Enable Multi-Factor Authentication (MFA): Whenever possible, activate MFA (also known as two-factor authentication or 2FA). This adds an extra layer of security, usually requiring a code from your phone or a hardware key in addition to your password. Even if a third-party breach exposes your password, MFA can prevent unauthorized access to your account.
• Be Skeptical of Phishing Attempts: Data breaches, especially those involving contact information, are often followed by phishing attempts. Be extremely wary of unsolicited emails, texts, or calls asking for personal information, login credentials, or urging you to click suspicious links. Always verify the sender and the legitimacy of the request.
• Keep Software Updated: Ensure your operating system, web browsers, antivirus software, and all applications on your devices are regularly updated. These updates often include critical security patches that protect against known vulnerabilities.

3. Act Quickly When a Breach is Disclosed:

• Monitor for Breach Notifications: Pay attention to news about data breaches, especially from companies you do business with. Companies are often legally required to notify affected individuals.
• Change Compromised Passwords Immediately: If you're notified of a breach affecting a service you use, change your password for that service immediately. If you've used the same password on other sites (which you shouldn't!), change those too.
• Enable Fraud Alerts/Credit Freezes: If the breach involves sensitive financial information or identity data (like Social Security numbers), consider placing a fraud alert or credit freeze on your credit reports with major credit bureaus. This makes it harder for identity thieves to open new accounts in your name.
• Monitor Financial Statements and Credit Reports: Regularly review your bank and credit card statements for any suspicious activity. You're entitled to a free credit report from each of the major credit bureaus annually – take advantage of this to check for any unauthorized accounts or inquiries.
  
• Be Wary of Scams: Be extra vigilant for scam calls or emails that claim to be from the breached company, offering "help" or asking for more personal information. Always go directly to the company's official website or customer service number to verify any communications.
  

​

Ep334

Image created by AI