We are opening up a wellness clinic and we were planning to use a managed service company for internet, network, and security. I was appalled by the managed services suggestions. Privacy of our patients and their data is critical, and the managed service company wants to send all of our feeds to third parties and give third parties direct access to our network.
We decided this was a privacy and security risk, and have gone in a completely different direction, but it would not surprise me if most businesses used one of these companies and just went with whatever they suggested without understanding at all what is at stake or who has access to the data.
It's "hilarious" how incompetent some companies are.
One background check firm used by a previous employer of mine sent me an email saying:
"Hi FireBeyond, doing a background check, just want to verify that all these details for you are correct:
full legal name, address, dob, full ssn, phone number, USCIS#..."
and then the kicker:
"and also want to make sure we have the correct email address for you"
Oh. You just sent all this shit to an email address and "oh, let us know if this your email address"?!?
Meanwhile, they've found my fiancee on FB and are messaging her out of the blue to "verify" she knows me (to be clear, this was meant to be a standard background check, not a security clearance or anything similar).
To their credit, that employer, when I told them all this, were as horrified as I was and fired them as their background check provider.
We decided this was a privacy and security risk, and have gone in a completely different direction, but it would not surprise me if most businesses used one of these companies and just went with whatever they suggested without understanding at all what is at stake or who has access to the data.