Third-party vendors are a boon to many organizations who need to scale quickly. They offer specific expertise and help companies ramp up operational output.
However, if third-party vendors lack proper cybersecurity measures, they can damage the reputation of your organization and do significant damage to your bottom line.
The Dangers of a Data Breach
Nedbank, a South African regional bank, found this out the hard way when they fell victim to a third-party data breach in February, which exposed 1.7 million of its customers' personal data. The breach originated at Computer Facilities (Pty) Ltd, a South African company used by Nedbank for marketing and promotional campaigns.
Information obtained from the vendor system breach included ID numbers, home addresses, phone numbers, and email addresses. Nedbank took the vendor offline and wiped out all customer information held by the vendor's systems. The vendor did not have access to banking information, and the financial institution is working closely with local authorities to find those responsible.
This situation underscores how data breaches are a global issue and the fact that third-party vendors have to be thoroughly vetted.
It’s not enough for an organization to ensure its data is protected internally; partners and other vendors who have access to this data must also be equally secure.
Examples of third-party breaches are abundant.
In 2019, for example, Michigan-based McLaren Health suffered not one, but two third-party breaches. The organization fell victim to separate phishing and ransomware attacks, allowing attackers access to sensitive customer data.
And the cybersecurity firm Palo Alto Networks fell victim to a third-party vendor data breach last November that exposed the information of current and former employees including, names, dates of birth, and Social Security numbers.
As businesses continue to engage in vendor partnerships, cybercriminals are on the prowl to test those vulnerabilities. Vendor partnerships must be vetted to safeguard an organization's sensitive data.
3 Key Steps Before Signing off on a Vendor
It can be exciting when you identify a vendor that's a great fit for your company. But before integrating their services into your own IT systems, it's important to conduct some due diligence around cybersecurity:
1. Have a Thorough Conversation
Before adopting a new vendor, ask about their cybersecurity plan and protocol. Your vendor will have access to sensitive customer information, so for the sake of your operation this is a must-have conversation.
2. Trust, But Verify
Verify the vendor's cybersecurity plan is rigorous and complete. Connect your internal security team or cybersecurity vendor with their cybersecurity team to ensure all of your security measures are in sync.
3. Share Resources
If the vendor does not have adequate cybersecurity measures and staff in place but is willing to take the right steps, point them in the right direction by recommending they use your cybersecurity vendor, which you've already vetted.
Securing the Value of Third-Party Vendors
While you should proceed with caution, data breaches and cybersecurity threats don't have to endanger the benefits that third-party vendors bring to your organization.
It's all about practicing smart and proactive cybersecurity, which involves making sure your organization has all adequate resources lined up. If you lack the bandwidth and personnel internally, partner with a reliable and trusted provider of 24x7 threat detection services and get the peace of mind that your data is always safe and sound.