Is your partner's network your weak link?

You might uphold the best information security practices around, but your data is only as safe as your weakest link, and that link could be a third party.

Partners and suppliers that have access to your networks and computers put your company at risk if they don't embrace security measures as effective as your own, writes Roger A. Grimes at InfoWorld.

The massive network attack on RSA, which ultimately was carried out to get the vendor's customers' data, is a case in point. Any vendor's network "should be considered an extension of your own," Grimes warns.

It's not uncommon for a vendor visiting a customer site to bring along a laptop or USB stick infected with malware. "Much of the data lost over the past decade can be traced back to the partners who were entrusted to safeguard the data," he writes.

Grimes advises businesses to find out if their vendors and partners uphold at least an equivalent level of security, and to be sure to verify the answer. "Don't simply ask them to read your security policies and agree to abide by them, especially not just as a paperwork formality that everyone must undergo in order to work together," he cautions.

If you really want to be sure that a partner's security posture is on par with yours, do a physical audit and look carefully at its network. "When I've conducted an audit, I've always discovered security risks that the company was either unaware of or did not share," Grimes writes. "If possible, secure the right to conduct security-policy reviews and the ability to do some limited auditing to assure the third party is following expected policy before you allow them access on your network."

For more:
- see Roger A. Grimes's post at InfoWorld
