This is a short update to my recent blog post about the use of personal data and how easy it is for us to give this information up. I was lucky enough to be hosting a recent achievers trip for our key people and leading sales reps. NTT Com Security had a very good year and we reward, not only sales people, but also our key contributors across the entire business.
Anyway, to help arrange the trip and to co-ordinate travel and accommodation we, like most, use an events company. I’m sure you can all guess where this is going. To organise travel and accommodation, all sorts of personal information is involved including passport numbers, DOB and dietary requirements. As part of the requirements to provide services to our company, any provider has to complete a risk assessment. This is standard practice for us and covers the handling of personal data and the requirements to restricted access. This has to form the core of every business, no matter what sector they are in.
As we have seen in far too many cases, third party access is often the weakest part of a company’s defence. For us, this is standard practice and this should also be the case for any company using third party services. It is often assumed that they take security as seriously as you do but assumptions make an a** of you and me. Happily, the sharing and correct handling of information in this case resulted in a pleasant birthday surprise!
Don’t be caught out. Collaboration is essential in today’s digital economy but evaluate the controls and policies of your partners and take their security are seriously as you take yours.