Home » Publications » Insights » NJBIZ: Vendor Vexation: Third-Party Providers Can Open Door to Hackers

NJBIZ: Vendor Vexation: Third-Party Providers Can Open Door to Hackers

Published on: | by

Lindabury’s Cybersecurity and Data Privacy Practice Group Co-Chair Eric Levine was recently interviewed by NJBIZ regarding the recent security lapse of a South Jersey physicians network which wiped out the password protection on a supposedly secure site.

Eric says, “A company that engages in thorough due diligence may be able to use that as a defense if it’s sued as a result of a third-party provider hack.”

“It’s important to deal with cybersecurity and other issues up front, especially when you’re dealing with a new vendor,” Levine said. “Consider the depth of access to your data that they need, too. If a firm is just providing you with paper products, they don’t need deep access to your data, so a cybersecurity audit may not be very important.

“But if it’s a payroll processor and employee benefits provider with access to your sensitive information like social security numbers, bank accounts or medical information, you want to make sure that some kind of cybersecurity audit and other concerns are addressed in your contract,” he added.

Proper internal training and company-wide communications are also important.

“Earlier this year, a New Jersey-based client in the professional services industry advised us their email server had been hacked,” Levine said.

No personal information appeared to be accessed, but the law firm alerted its employees.

“Later that day, our human resources director received what appeared to be a routine request for information from that client,” Levine said. “Normally she would have gone ahead and processed it, but because of the notification of the hack and in-house employee training she had just completed, she immediately contacted me, since I’m a lead contact for our firm’s Incident Response Team.”

Levine contacted the client, who said their company had not issued the email request. “So we deleted it, distributed another company-wide warning and celebrated the fact that we had avoided this attack,” he said.

You can read the full online text of the NJBIZ article here. (may require a subscription)

by
Published on:
Updated:

Comments are closed.

Contact Information
Westfield - Main Office
53 Cardinal Dr
Westfield, NJ 07090
Tel: 908.233.6800Fax: 908.233.5078
Summit
469 Morris Ave
Summit, NJ 07901
Tel: 908.273.1212Fax: 908.273.8922
Red Bank
One River Centre, Building Two
331 Newman Springs Rd #225
Red Bank, NJ 07701
Tel: 732.741.7777Fax: 732.758.1879
New York
200 Liberty St 27th floor
New York, NY 10281
Tel: 212.742.3390Fax: 212.269.5016
Newtown
Silver Lake Executive Campus
41 University Dr #400
Newtown, PA 18940
Tel: 267.757.8716
Mailing Address
53 Cardinal Dr
P.O. Box 2369
Westfield, NJ 07091
We serve clients throughout New Jersey, New York, and Pennsylvania including: Union County including Westfield, Summit, Linden, and Cranford; Essex County including Newark and Livingston; Mercer County including Trenton; Middlesex County including Edison, Woodbridge, and New Brunswick; Monmouth County including Red Bank, Middletown, Eatontown, and Freehold; Morris County including Morristown and Parsippany-Troy Hills; and the cities of New York and Philadelphia. View More

Attorney Advertising

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please do not include any confidential or sensitive information in a contact form, text message, or voicemail. The contact form sends information by non-encrypted email, which is not secure. Submitting a contact form, sending a text message, making a phone call, or leaving a voicemail does not create an attorney-client relationship.

Copyright © 2016 – 2024, Lindabury, McCormick, Estabrook & Cooper, P.C.
JUSTIA Law Firm Website Design