Best Buy, Panera Bread, Target and Under Armour. What do each of these companies have in common?
They each suffered a data breach at the hands of a third-party vendor. While the most common definition of a data breach is the unauthorized access, transition, reproduction, dissemination or sale of personal, confidential or privileged data, if data is mistakenly shared with an unauthorized user by an authorized user– that is also a breach.
There was a time when you could select your third-party vendor because they were the best fit for your organization. That’s no longer the case. When it comes to selecting third-party vendors, it’s more important than ever to do your due diligence in confirming that the vendor you select has security protocols in place to keep your company and customers’ data safe from breaches. While they may not have direct access to sensitive data, connecting a vendor to your network can even put that data at risk.
Consumer trust in businesses can be in a precarious state post data breach. It doesn’t matter how the breach happened or who was to blame, lost data equates with lost revenue.
As we head into the high-volume holiday shopping season, it’s a good time to confirm your third-party vendors are up to the task. Here a few tips to help with selecting and confirming your third-party vendor isn’t your weak link:
- Thoroughly vet all vendors to ensure they share the same values as your organization when it comes to data privacy and risk management.
- Get specific with contractual agreements. These should not only outline data protection demands, but also draw up an agreed upon standard for measuring that effort.
- Share only data that’s necessary. Third-party vendors should only have access to information necessary to align with your business and perform the job you’ve hired them for.
- Conduct periodic audits on third-party vendors to ensure compliance with the agreed upon terms of the contract.
- Keep strong, open and ongoing communication with vendors. It’s important to avoid a “set it and forget it” mindset as the security landscape evolves.
Security threats are everywhere and originate in all kinds of ways. In addition to vigilance with third-party vendors, it’s equally important that organizations take the time to review their own internal data protection measures from internal employee training, security solutions and protocols and everything in between.
Please feel free to leave me a comment below. You can also find me at @CindyProvin
Visit this page to subscribe to our newsletter to receive the latest data security research, insights from our blogs and other resources.