Are Vendors The Weak Spot In Your Cyber Defenses?

Carl Mazzanti is the president of eMazzanti Technologies in Hoboken.

You engage with vendors to improve your customer service. But your vendor holds much of your sensitive data — what if they get hacked? A third-party Cyber Security incident can have serious repercussions.

Beyond direct financial losses, third-party breaches can lead to operational damage and reputational harm. eMazzanti Technologies can help to keep your company safe.

Third-party vendor attacks represent a significant threat. More than 50,000 current and former employees of Mondelez Global — maker of Oreo cookies and Ritz crackers — had their personal data exposed after a data breach occurred at a global law firm that served as the food giant’s partner. The hacked information included sensitive details like dates of birth, Social Security numbers, and home addresses.

In today’s environment, companies large or small cannot say they are ignorant of this kind of challenge. As far back as a decade ago, a hacker called Profile 958 stole the credit and debit card information of more than 110 million Target customers. The Cyber Criminal tricked his way into the files of Fazio Mechanical Services, a company in Pittsburgh that had access to the retailer’s billing systems because they did work for Target.

Today, supply chains are very long, which can create security vulnerabilities. Threat actors can take advantage of gaps at different points, posing a wide range of threats to supply-chain partners. One of the many key safety actions that top cyber security services providers perform is conducting risk assessments of third parties.

This research involves checking the cybersecurity measures of your third-party partner and testing them to ensure the outside company has a good plan for detecting and responding to incidents. We can also make inquiries about the training your third-party partner provides to its own employees, contractors, and vendors.

Your contracts with partners should also contain clauses ensuring that they follow approved Cyber Security measures. It is crucial to maintain consistency in policies and practices. Incorporating these contract clauses helps you to protect your data and information from potential security breaches.

Holding third parties to the same standards is crucial to maintaining a secure network. Contracts should spell out the third party’s Cyber Security policies, procedures, and security measures used to protect sensitive company data.

The contract should also state that your third party must ensure its own subcontractors follow the same Cyber Security rules. The third party should also keep a list of its subcontractors.

Data retention and breach notification requirements should be addressed in the contract, to ensure compliance with laws and regulations in the event of a data breach by a third party. The agreement should address liability and indemnity limitations and other insurance details.

Your company should also periodically review third-party partners to ensure that they only have access to information that is necessary for their job. And periodically, you should ask vendors to fill out risk-assessment forms, to ensure they update their security programs as needed.

In addition to formal evaluation activities, informal actions can help you get more information about third-party partners. For example, visit a partner company’s office and speak with a manager about their operations. If the partner values you as a customer, they will find a few minutes to meet with you.

Talk to receptionists and other employees who are not in official positions, and ask them about the company’s atmosphere and growth. These “sideline” conversations can provide you with clues about the reliability of the vendor and can indicate whether you should be concerned about their ability to access your important information.

Hackers are constantly getting better at what they do. But companies that partner with eMazzanti professionals are well-defended against Cyber Attacks.
