Cyberattacks have become far more common in the years since the pandemic. These attacks don’t just impact smaller companies without the budget or experience to successfully manage their own cybersecurity – they’re happening to major corporations and players in critical infrastructure as well.
Equifax paid more than $1 billion in penalties after a data breach affected 150 million customers in 2017. Equifax is a huge credit reporting agency with unlimited amounts of personal and highly sought-after financial information on hundreds of thousands of US citizens.
Change Healthcare – a unit of UnitedHealth Group – was impacted by a similar cybersecurity incident in late February of this year. Hospitals, pharmacies, and other stakeholders expressed understandable concern about cash flow security in the wake of the attack, and had issues submitting claims, receiving payments, and ultimately, serving patients.
Last month car dealer software slinger CDK Global paid a $25 million ransom after a cyberattack attributed to the BlackSuit ransomware gang. Car dealerships, customers, and automakers all felt the repercussions of this attack, even if they weren’t the ones shelling out the ransom money. Tens of thousands of car dealerships had to resort to manually dealing with tickets and facilitating operations, meaning customers dealt with delays, incomplete transactions, and in some cases even reported being targeted by related phishing scams looking to take advantage of them in the wake of the outage.
Cybercrimes like these impact business in many ways, especially now that more and more businesses are storing their customers’ data entirely online. And when third-party vendors and contractors experience data breaches, it quickly becomes your problem. This point ties back to the CDK Global incident.
This phenomenon is especially problematic because companies and organizations can no longer be entirely sure just where their sensitive information is stored, who has access to it, and who it can be shared with. These third-party data breaches can be held back with heftier investments in cybersecurity, but you probably don’t need us to spell out why a Fortune 500 company with an on-site IT department and layers upon layers of security protocols might be better equipped to deal with bad actors of any kind than a small business that finds itself trying to keep up.
But are these security breaches preventable at all? Budgets aside, what are some best practices that anyone and everyone can implement to manage their risk more effectively?
Read up on information security when sourcing third-party vendors
When considering vendors, you should give special attention to those that can demonstrate strong information security protocols. Do they understand how to comply with specific requirements that might affect your industry? For instance, if you work in the healthcare field, does this contractor have a grasp on HIPAA?
Regularly check in on any third-party vendors with access to sensitive data
Even if this is a vendor your company has worked with time and time again, it’s still important to make sure that things are running as they should be – and we’re not talking about anything malicious here. Trusted contractors and providers are just as likely to experience an IT system compromise, a malware infection, or something else damaging but out of their control. Regular check-ins can help you catch a breach before it happens, and protect both of your interests.
Require independent verification of security protocols
If you’re looking to bring on a new vendor, it might be a good idea to have them get certified against an independent industry standard for information security. This removes any potential discrepancies over what constitutes “secure” by giving someone unaffiliated with either organization the power to make the final call. It won’t shock you to learn that lots of government agencies, like the Department of Defense, have protocols like these in place for potential outside vendors.
Reexamine your vendor off-boarding
Of course it’s important to make sure that third-party organizations that are starting their working relationship match up to your unique set of protocols and expectations. But it’s equally important that your off-boarding process is audited regularly. This is often overlooked, and leaves so much room for compromised information and data – especially if the relationship ended on any sort of bad note.