The three main themes communicated during this WaterSide Chat were as follows:
- When evaluating third-party vendors, utilities should begin gathering information on the vendor’s security practices as soon as possible.
- Challenging when PII or sensitive data is gathered is important in trying to minimize risk. Without a clear justification, utilities should avoid gathering this kind of data whenever possible.
- Continuous internal staff training is critical, as human error can often be one of the largest risks to information security.