Are Vendors The Weak Spot In Your Cyber Defenses?

 

Carl Mazzanti is the president of eMazzanti Technologies in Hoboken.

You engage with vendors to improve your customer service. But your vendor holds much of your sensitive data — what if they get hacked? A third-party Cyber Security incident can have serious repercussions. Beyond direct financial losses, third-party breaches can lead to operational damage and reputational harm. eMazzanti Technologies can help to keep your company safe.

Third-party vendor attacks represent a significant threat. More than 50,000 current and former employees of Mondelez Global — maker of Oreo cookies and Ritz crackers — had their personal data exposed after a data breach occurred at a global law firm that served as the food giant’s partner. The hacked information included sensitive details like dates of birth, Social Security numbers, and home addresses.

In today’s environment, companies large or small cannot say they are ignorant of this kind of challenge. As far back as a decade ago, a hacker called Profile 958 stole the credit and debit card information of more than 110 million Target customers. The Cyber Criminal tricked his way into the files of Fazio Mechanical Services, a company in Pittsburgh that had access to the retailer’s billing systems because they did work for Target.

Today, supply chains are very long, which can create security vulnerabilities. Threat actors can take advantage of gaps at different points, posing a wide range of threats to supply-chain partners. One of the many key safety actions top cyber security services providers provide involves conducting risk assessments of third parties.

This research involves checking the cybersecurity measures of your third-party partner and testing them to ensure the outside company has a good plan for detecting and responding to incidents. We can also make inquiries about the training your third-party partner provides to its own employees, contractors, and vendors.

Your contracts with partners should also contain clauses ensuring that they follow approved Cyber Security measures. It is crucial to maintain consistency in policies and practices. Incorporating these contract clauses helps you to protect your data and information from potential security breaches.

Holding third parties to the same standards is crucial to maintaining a secure network. Contracts should spell out the third party’s Cyber Security policies, procedures, and security measures used to protect sensitive company data.

The contract should also state that your third party must ensure its own subcontractors follow the same Cyber Security rules. The third party should also keep a list of its subcontractors.

Data retention and breach notification requirements should be addressed in the contract, to ensure compliance with laws and regulations in the event of a data breach by a third party. The agreement should address liability and indemnity limitations and other insurance details.

Your company should also periodically review third-party partners to ensure that they only have access to information that is necessary for their job. And periodically, you should ask vendors to fill out risk-assessment forms, to ensure they update their security programs as needed.

In addition to formal evaluation activities, informal actions can help you get more information about third-party partners. For example, visit a partner company’s office and speak with a manager about their operations. If the partner values you as a customer, they will find a few minutes to meet with you.

Talk to receptionists and other employees, not in official positions, and ask them about the company’s atmosphere and growth. These “sideline” conversations can provide you with clues about the reliability of the vendor and can indicate whether you should be concerned about their ability to access your important information.

Hackers are constantly getting better at what they do. But companies that partner with eMazzanti professionals are well-defended against Cyber Attacks.