Companies using third-party IT providers must control security by knowing who has access to data and why. This means reviewing contracts with the third party, checking the IT company's policies and educating in-house personnel. Read More Here.