The Importance of Conducting Due Diligence on 3rd Party Providers

We’ve entered an age where network security breaches aren’t just common, they’re more common than most people think. According to the 2015 Cyberthreat Defense Report, 70% of surveyed organizations were compromised by a successful computer security breach at some point during the previous year. Hackers and other people with malicious intentions are targeting large corporations, small businesses and everyone in between. It’s up to you to ensure that you’re properly prepared. But what do you do when you are required to hand a certain amount of control over your data to a third party vendor?

Are third parties putting you, your customers and ultimately your business at the risk of a breach?

The answer, unfortunately, is “probably.”

The Facts
Two of the biggest (and, from the attackers’ point of view, most successful) data breaches of the last few years struck Target and Home Depot. Each attack cost the victims millions of dollars in damages and hurt the reputations of two of the most recognized brands in the marketplace. In both cases the attackers got in through a third party: each company had granted network access to an outside vendor, and credentials stolen from that vendor were used to reach the retailer’s own systems.

According to a recent study conducted by the Ponemon Institute, Target and Home Depot aren’t alone. 53% of all surveyed organizations said that the negligent actions of third parties such as vendors and outsourcers were putting their own businesses at risk of similar attacks.

Two Ways Third Parties Are Putting You At Risk

  1. Weak Password Security Policies
    Your organization could institute the strongest possible password policy, but if a third party vendor with a login to your network still uses “1234” as the password on their firewall or VPN account, an attacker who guesses it is effectively inside your network too, and you’ll ultimately be the one to pay the consequences.
  2. Risk Management (or Lack Thereof)
    Many people don’t realize that your third party vendors have third party vendors of their own. That puts them in the same position your business is in: a breach at a vendor two or three levels removed from your company, one you have never contracted with or assessed, can still find its way back to your virtual doorstep through the access your direct vendor holds.

Tips & Best Practices

  1. Always make sure that your vendors have proper governance policies and that they are strictly adhering to local and federal rules and regulations governing which departments have access to what types of information, what those employees may do with it, and how that access is reviewed and revoked.
  2. Always inquire into their password and authentication policies. Ask how they enforce strong passwords, whether accounts that can reach your data or network require multi-factor authentication, and how quickly credentials are disabled when staff leave. Note that current guidance (NIST SP 800-63B) favors long passwords screened against known-breached lists and multi-factor authentication over special-character requirements and scheduled password changes, so a vendor that still relies only on the latter deserves a closer look.
  3. Make sure that you always know exactly who is handling your sensitive business data, and be vigilant at every level. This includes overseeing parties such as encryption and key management providers, cloud security providers, data backup organizations and point-of-sale maintainers, not just the IT professionals you actually see and interact with daily.

Sometimes the people you DON’T see on a regular basis are the ones that you need to be paying the most attention to.