Important distinction; You fire any contractor who does it *repeatedly* after communicating the requirements for securing your data. Zero-tolerance for genuine mistakes (we all make them) just leads to high contractor turnaround and no conceivable security improvement; A a rotating door of mediocre contractors is a much larger attack surface than a small set of contractors you actively work with to improve security. ~ a On Mon, Oct 8, 2018, at 4:53 AM, Naslund, Steve wrote:
You just need to fire any contractor that allows a server with sensitive data out to an unknown address on the Internet. Security 101.
Steven Naslund
From: Eric Kuhnke <eric.kuhnke@gmail.com>
many contractors *do* have sensitive data on their networks with a gateway out to the public Internet. ----------------------------------------
I could definitely imagine that happening.
scott