Important distinction; You fire any contractor who does it *repeatedly* after communicating the requirements for securing your data.
Zero-tolerance for genuine mistakes (we all make them) just leads to high contractor turnaround and no conceivable security improvement; A a rotating door of mediocre contractors is a much larger attack surface than a small set of contractors you actively work with to improve security. ~ a On Mon, Oct 8, 2018, at 4:53 AM, Naslund, Steve wrote: > You just need to fire any contractor that allows a server with sensitive > data out to an unknown address on the Internet. Security 101. > > Steven Naslund > > >From: Eric Kuhnke <eric.kuh...@gmail.com> > > > >many contractors *do* have sensitive data on their networks with a > gateway out to the public Internet. > >---------------------------------------- > > > >I could definitely imagine that happening. > > > >scott