Countless businesses, large and small, have been involved in data breaches over the past year. From Delta to Best Buy, a huge number of big names have made headlines, and the majority of these breaches stemmed from third-party vendors not doing their security due diligence.
Across industries from healthcare to distribution to manufacturing, companies have started to worry about the devastating effects of cyberattacks and data breaches.
Not only will you have to pay hefty fines or face consequences from whoever regulates your industry, but you’ll also have to answer to clients and deal with eroded trust. The fact is that more than three-quarters of businesses go out of business within a year of a cyber event.
Be Wary Of Your Business Partnerships!
Many organizations have started to recognize that many of their security risks are embedded in their vendors and business partners. Software, hardware and end-to-end security are likely not consistent across your partnerships, and your clients’ data may be in jeopardy in multiple places. Don’t for a minute think that your clients will shrug off a cyber incident that included, or may have included, their information. They are certainly going to blame you!
You may think, “we’re responsible for keeping our own computers secure, isn’t that enough?”
What cybersecurity analysts have found is that keeping your client data secure relies not only on due diligence from your organization, but also from your partners. Note: if you’re not sure your computers are being maintained well enough to prevent cyberattacks, experts recommend getting a network security assessment to determine where the gaps in your security lie.
Most businesses that have been involved in client data breaches caused by vendor negligence find their profit margins diminishing in the aftermath of those cyber events. You probably spend a TON of time worrying about third-party vulnerabilities.
Supply chain and vendor-related cyberattacks are particularly insidious for a variety of reasons:
They give hackers the opportunity to exploit a single vulnerability and hit multiple companies at once: targeting a vendor that works with multiple clients in a supply chain is a way to hit many birds with one stone.
Many vendors have little accountability for your client data. In most industries, businesses do not hold their vendors and partners accountable for keeping that data secure. Make sure you inspect what you expect and have signed agreements that include the expected security standards.
Even if you have a strategy for securing your supply chain, it might not be working.
In fact, nearly 90 percent of organizations suffering a data breach had a strategy for evaluating supply chain security, but those strategies did not holistically evaluate partners’ network security and continuity (critical components of a healthy relationship with strategic partners).
Even more worrisome, it takes close to 63 hours for a partner to detect and remediate an attack. In some of those cases, IT-related partners had open access into networks like yours, causing security breaches and forensic investigations (which, I might add, cost nearly $40K per computer!) on their networks.
So… How can you start securing your supply chain and coordinate with your third-party partners?
Define who is providing what. More often than I’d like to admit, potential clients don’t know who is providing services to them. Write out all of the requirements for your third parties. You need to understand their businesses so you can integrate them into your security strategy.
Untangle complex supply chain environments. The more complex your vendors’ networks are, the more room there is for major risks on those networks. For any prospective client, expect them to allow you to get a third-party security audit of their networks before agreeing to do business with them, and expect them to fix any security issues before signing on the dotted line.
Gain commitments from partners to adhere to security standards in your industry. At the very least, your partners should commit to the security standards within your industry, even if those are not your exact security policies and procedures. By holding them to those standards and auditing them against them, you ensure that your client information is not the low-hanging fruit compromised by easy cyberattacks.
Do you know where your data is lurking? Can you really trust your business partnerships? Consider a free network security assessment today!