The JP Morgan breach is just one of several major security failures of 2014. Among many questions raised, most obvious is one: how can a vendor guarantee protect you from damages resulting in an unsecured system? Vendors are on the radar as the Treasury Department points the finger at third party security.
For those of you who don’t know, over the summer a huge cyberattack on JPMorgan Case, one of the largest Bank companies, threatening the information of some 76 million households.
Chase says:
-No Credit/Debit information was stolen
-No SSNs or DOBs were stolen
-No Passwords were compromised
What was compromised?
-Your Name, Address, Email, and Phone Number.
In light of this attack, financial institutions are making a major push to improve vendor security. This includes law firms, marketing and accounting groups, as well as external services.
While this vague response certainly omits responsibility on the part of the brand itself, it does not help us learn from the breach. Where did JP Morgan Chase go wrong? How will the hack affect you, as a law firm, in your future cases with major financial corporations?
1. Due Diligence
Vendor procedures are about to come under major scrutiny. The public announcement that third party security failures were at fault will make the climate on hiring a third party incredibly data and risk management focused.
2. SEC Response
The Security and Exchange Commission will be auditing firms to assess their readiness. This can be considered similar to a penetration test. Firms need to be prepared for hacker attacks, and as of now, financial regulators consider their security to be as good as their weakest link – the vendor’s security.
3. Vendor Security becomes a Top Concern
While JP Morgan has not directly blamed vendors, it’s clear the public eye and financial regulators are taking this as a sign of weakness on behalf of forces outside of financial institutions. Smaller firms will have a harder time securing a spot as a vendor to a major financial institution, and will need to be ready to undergo compliance and invest in advanced security measures. This will continue to be a major concern and threat area, so there is no time like the present.
What can you do to improve your security? Read more about where your law firm security is failing>>
