What You Need to do Before Providing Network Access to a Third Party
1. If you must provide third parties access to your network, insist upon strong, unique, hard-to-crack passwords for each login and several levels of authentication to reduce the chances your network will be compromised.
2. Even if you trust a third-party, limit what they can do on your network – limit access to the absolute minimum they require to do their job.
3. Have software applications and human review systems in place to monitor network access, the data accessed, and a reporting escalation process for suspicious or unusual activity so it can be promptly investigated.
4. Require third-party vendors, service suppliers and contractors to meet minimum security procedures. If they do not meet your baseline standards, don’t give them access to your network.
5. In your terms of purchase or service with the third parties, require them to indemnify you from any loss or damage resulting from their access to your network.
Disclaimer: The information in this post is provided for general informational purposes only, and may not reflect the current law in your jurisdiction. No information contained in this post should be construed as legal advice from our firm or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through, this post without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a lawyer licensed in the recipient’s state, country or other appropriate licensing jurisdiction.