It’s a new year and a new decade. Now, more than ever, your tech best practices need to be more proactive. Whether you realize it or not, that includes setting up IT goals to ensure you’ve got a plan and practices around vendor security.
This article will help you identify four key action items you need on your 2020 list to ensure you protect your company against vulnerabilities you might be exposed to through vendor relationships.
You are Only as Secure as Your Vendors
If you’re like most companies, you allow, on average, 89 vendors to access your networks each week. And, if you’re like Target, Equifax, or 56% of organizations, you’ve experienced a data breach because of a vendor’s lack of security initiatives.
That number is unacceptable and preventable, though it does require a little legwork.
IT Challenges Working with Third-Party Vendors
It’s frustrating: you put a lot of time, money and energy into ensuring your IT systems are protected against threats, but you have zero visibility into whether the vendors who have access to your systems do the same. And, as your business grows, more and more vendors have that access, making your systems more and more vulnerable.
Some of the challenges you are faced with include:
- The quality and accuracy of the data vendors provide your organization
- The actionability of the data
- How quickly a vendor could deal with a potential IT threat
- Whether the vendor continuously monitors systems for potential threats
- The cost of on-site assessments
- Who’s responsible if a vendor opens the door to an IT issue
What to Do to Protect Your Company
While it may be virtually impossible to prevent every cyberattack, you can at least shore up your defenses on the vendor front.
Make a List of Who Has Access to Your Systems
How many vendors do you work with? Dozens? Hundreds? It’s imperative you know the exact number and how you work with them. List the vendors and what components of your system each can access. You might be surprised at the level of access that some (unnecessarily) have.
Review Third-Party Security Policies
Do you have a policy in place for onboarding a vendor into your system? What determines the level of access they receive? These are questions best discussed with your leadership team to ensure everyone is aware of the potential threats that vendors bring to the company.
Ask for Vendors’ Security Policies
This subject may never have come up, so you are likely unaware of what your vendors do to protect both their systems and your own. Understand whether they have practices in place to protect the data they share with you. If they have no such practices, consider finding a vendor that does.
Stay on Top of the Risk
This needs to be an ongoing effort: ensuring that vendors only have access to what is essential for their role and reviewing security policies both on your end and theirs.
How KLH Can Help
Don’t let 2020 be the year you are a victim of a cyberattack that results from a vendor relationship. Our IT managed services can help by carefully looking at your IT structure to determine what programs you’re running and what permission levels you have associated with applications and equipment.
We can then help you establish the right IT permissions for new vendors and help you conduct reviews to evaluate vendors, both before you start working with them and on a yearly basis. If you are in a regulated industry (like finance), this can be built into your cyber insurance policy.
You may do everything in your power to protect your own system but, unless you are proactive about vendor security, you are still at risk.