April 2008

	If your Internet provider filters incoming e-mail, please add ncxgroup.com to your list of approved senders to make sure you receive NCX Group Security Updates.
	CONTRACT VENDORS CAUSING MANY BREACHES Does your company maintain, transmit, store or process identifiable information from other businesses? How you safeguard your client’s critical information could result in damaging consequences. A review of Reported Data Breaches and Disclosures during 2008 lists a significant amount of breaches caused by third-party vendors. The breaches were attributed to internet exposure, stolen computers or laptops that were not encrypted, printing errors, and unprotected servers. Not only is a data breach likely to place liability with your company, it could cost you thousands in credit monitoring fees, litigation, and damage your relationship resulting in loss of business. Take for instance the Web content-management company, Verus Inc., who ultimately went out of business last year after it was disclosed that 91,550 patient records from at least five hospitals were exposed. The breaches were attributed to Verus’ IT employees that left a firewall down after transferring data between servers. Hospitals immediately terminated their contracts and investors pulled out. Then there was a class action suit against Certegy Check Services brought on last fall by 8.5 million consumers nationwide whose financial and personal data were stolen. The suit claims they did not “adequately protect confidential and personal information of its clients” when a senior database administrator employed by Certegy took confidential information of consumers’ records and sold them to a third party marketer. The first settlement was proposed this month and could cost Certegy millions of dollars. Vendors who handle human resources data or process customer identifiable information must continually evaluate their privacy policies and procedures to reduce the risk of a breach. When an outside vendor assumes the responsibility of personally identifiable information, it becomes their duty to safeguard the

ISSUE: April 2008


		Subscribe to Security Update

	2008 Reported Data Breaches Keep yourself updated on the latest security breach disclosures


	NCX Vision See What You’e Been Missing Learn more here >>



	Looking for Managed Security Services? Call us at 888-448-5451 or contact us below

	To have an NCX Group Representative Contact You Email us here

data entrusted to them. But it is also the responsibility of the hiring company to ensure their providers adhere to the strict security measures defined in the contract. Are independent security audits being performed? Is there oversight and guidance to ensure policies and processes are being followed? Last September, a third-party contractor of U.S. clothing retailer Gap Inc. was blamed for compromising the data of 800,000 people who applied for jobs. The third-party contractor had apparently violated an agreement with Gap by not encrypting the data on the laptop. So it’s one thing to have required security measures on paper and another to ensure they are actually being followed.

Accidents and mishaps can happen, but have you identified the risks and properly mitigated them to reduce unnecessary instances of exposure? NCX Group encourages hiring companies to contractually specify that security reviews be performed by vendors that handle their personal information. Breaches based on negligent acts or the lack of appropriate security measures can be forever captured on the Internet for people to remember. Let NCX Group help ensure the data you manage is safe from intrusion by performing a security review or penetration test. Call us today at 888-448-5451 for an appointment or request a representative to call you.

NCX Group, Inc. is a leading information risk management firm specializing in the assessment and mitigation of risk associated with today’s technologies and business processes.

NCX Group, Inc.
5000 Birch Street, West Tower, Suite 3000
Newport Beach, CA 92660
888-448-5451
www.ncxgroup.com