Why It’s Important to Know How Third Party Vendors Protect Your Company Information. Bearingstar Cyber Security Tip #3
Even if you have addressed the Cyber Security recommendations #1 and #2 that Bearingstar Insurance shared with you, and your network and devices are as secure as Fort Knox, they could still be vulnerable if somewhere downstream there is a vendor with access to your company data that has not taken the necessary cyber crime precautions.
The most infamous example of this is Target’s 2013 data breach that compromised millions of customers’ credit cards. How did hackers do it? They got in the back door by phishing employees at a third party vendor – a refrigeration contractor – until someone took the bait. Target’s data breach will forever serve as an eye-opening lesson for companies of all sizes that you are only as strong as your weakest link when it comes to cyber security.
Cyber Security Recommendation #3: Your Company May Be Secure, But What About Your Third Party Vendors?
If your company works with third party vendors, it’s likely that these partners have access to sensitive data about you, your business, and your customers. What may not be as clear is how these vendors are protecting that information from unauthorized access, use, and disclosure. Plus, do you know who your vendors are doing business with, and who those people are doing business with, and so on and so forth? In fact, there may be a lot more people with access to your data than you could ever imagine. For the sake of your business, it is critical that you closely manage your third party relationships, which may include seeking legal counsel to ensure you have appropriate contracts in place with your vendors.
Dark Reading, an online cyber security news site, suggests the following five-step plan for fortifying your third party relationships:
1. Map your vendors so you know where data resides in your own organization and which vendors have access to it
2. Put one administrative department, such as legal, finance or compliance, in charge of vendor management and charge them with ensuring that vendor security measures are included in every contract and that internal groups are working together to track data that leaves the organization
3. Put everything in writing in your vendor contracts so that you and they are clear on how and why each vendor will access your data
4. As a condition of doing business with you, have your vendors specify measures that protect the privacy and security of your data, and also indemnify you against any breach or loss
5. Plan regular data security reviews with your vendors, and review your contractual provisions for trouble spots before they become a serious problem
Developing a solid third party vendor management plan will not only help you uncover the areas of greatest risk for a data breach, but also help you stay a step ahead of those risks.
Cyber Security risks are becoming an epidemic that smart business owners should not overlook. Bearingstar Insurance wants you to be prepared. If you are a business owner in Massachusetts or Connecticut who hasn’t had a conversation with your current insurance agent about protecting your company from these very real security threats, we want to talk to you. Contact us for a complimentary review and free business insurance quote.
Looking for more information to protect your business against cyber security threats? Read our first two blog posts where we offer the following tips: