welcome
Are you a new user?
REGISTER HERE





RETRIEVE PASSWORD
print   email   Share

Make Sure Your Contractor's Cybersecurity Weaknesses Don't Become Your Cybersecurity Weaknesses

Clearview AI, a facial recognition company that contracts with law enforcement agencies, recently announced that an intruder accessed its entire client list.

According to The New York Times, the organization has scraped three billion images from the internet, including from Facebook, YouTube, and Venmo. Law enforcement officials have turned to Clearview for help, particularly to identify the victims of child sexual abuse.

Clearview AI told customers that a third party "gained unauthorized access" to its list of customers; the number of user accounts those customers had set up; and the number of searches its customers have conducted. The notification said that no law enforcement agencies' search histories were compromised.

The organization stated that the intruder, which it did not call a hacker, had not breached its servers or compromised its systems or network. It said that it fixed the vulnerability that allowed the unauthorized access. Betsy Swan "Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen" thedailybeast.com (Feb. 26, 2020).

Commentary

Unfortunately, your private data is only as safe as the cybersecurity protections of your contractors that store it.

Before contracting with a third party, examine their cybersecurity protections and policies. Only work with contractors that enforce cyber protections that are at least as stringent as your own.

It’s also important to only select contractors that access only the data they need to perform their role. Only work with contractors that recognize the responsibility of protecting private data. Show preference to solutions or partners that only need minimum access to your data. 

Finally, monitor the sharing of data with your contractors to make sure that they are only accessing what they say they are accessing. Create your own cybersecurity protections to keep contractors out of databases to which they should not have access. Make sure you have a way to protect private data from hackers when transmitting it to contractors.

Finally, your opinion is important to us. Please complete the opinion survey: