Third-Party Troubles: Bank of America Breached Through Hacked Vendor


Why Your Data’s Safety Is Only as Good as Your Weakest Vendor 

The recent data breach impacting Bank of America customers has shed light on the critical importance of third-party vendor cybersecurity. This breach wasn’t a direct attack on the bank but came through Infosys McCamish Systems (IMS), highlighting the domino effect in the interconnected world of financial services. 

The exposed information of approximately 57,028 individuals includes sensitive data such as:

  • Full Name  
  • Address  
  • Email address  
  • Date of birth  
  • Social Security number  
  • and potentially other account information

This event underscores the need for rigorous cybersecurity measures and due diligence in managing third-party relationships.  

Here’s how businesses can enforce cybersecurity best practices on their vendors:

Comprehensive Vendor Assessment

Security Audits and Assessments: Before engaging with a vendor, conduct thorough security audits to evaluate their cybersecurity posture. This should include reviewing their incident response history, data protection measures, and compliance with industry standards.

Continuous Monitoring: Implement continuous monitoring of the vendor's cybersecurity practices. This could involve regular security assessments and audits to ensure ongoing compliance with agreed-upon standards.

Establishing Strong Contracts

Cybersecurity Requirements: Contracts with third-party vendors should explicitly outline cybersecurity requirements. These requirements can include adherence to specific security standards, regular reporting on security status, and immediate breach notification protocols.

Liability Clauses: Include clauses that clearly define liability in the event of a data breach. This should cover aspects like financial responsibility for damages and obligations for notifying affected individuals.

Incident Response Coordination

Joint Response Plans: Develop a coordinated incident response plan that includes both your organization and the third-party vendor. This plan should outline roles, responsibilities, and communication strategies in the event of a data breach.

Regular Drills: Conduct regular incident response drills with your vendors to ensure that both parties are prepared to act swiftly and effectively in the event of a cybersecurity incident.

Ensuring Data Privacy

Data Access Controls: Limit the vendor's access to only the data necessary for them to fulfill their service obligations. Implement strict access controls and monitoring to ensure data is not misused or accessed without authorization.

Encryption and Data Protection: Require that vendors use strong encryption standards for data at rest and in transit. This helps protect sensitive information from being intercepted or accessed by unauthorized parties.

Vendor Risk Management Program

Risk Assessment: Incorporate third-party vendors into your organization's overall risk management program. Assess and categorize vendors based on the level of risk they pose to your organization.

Regular Reviews: Conduct regular reviews of your vendor risk management program to account for changes in vendor services, the threat landscape, and regulatory requirements.

Training and Awareness

Security Awareness Training: Ensure that vendors provide their employees with regular security awareness training. This can help mitigate risks posed by human error, which is a common cause of data breaches.

The Bank of America incident with Infosys McCamish Systems is a potent reminder of the vulnerabilities that exist when third-party vendors are involved. By implementing stringent cybersecurity best practices and fostering a culture of continuous improvement and vigilance, businesses can significantly reduce the risks associated with third-party vendors and protect their customers’ sensitive information from potential breaches.

Your reputation is something you can never get back once you’ve been a victim of a cybercrime and your customers’ data is put at risk. Let me show you how we help hundreds of financial companies mitigate third-party vendor risks and ensure security.

Take the first step towards reviewing your security with a FREE Complete Technology Assessment and Compliance Review: Click here to Schedule