You Are Safe from Cyber Threats, but Are You Secure from Your Vendors?

Question

I am an SMB owner and I run a web-based logistics service. My employees are full-time on payroll. All my customer data and schedules filter in through the website, secure behind firewalls. My employee information is run through a third-party payroll system. My finance team and I exchange encrypted and secure emails only whenever we discuss money. A top financial management institution audits our books. I also employ a firm on a need basis to take care of IT and maintain the integrity and security of customer and employee data. They are very efficient and always send out detailed emails about any malware, suspicious sites, and phishing threats. I am secure from any cyber threats, right? Should I be doing anything in addition to the above to ensure I am safe from the mails from the Prince of Nigeria?

Expert Answer

If you are still talking about the Prince of Nigeria’s emails, my first question is: where have you been in the past two years? Jokes apart, you are probably safe from cyber threats because your IT firm is vigilantly monitoring and looking for any breaches of your information security, but in return, I ask you: how secure are you from your vendors? From what I read, you are vulnerable at these touchpoints: website development and maintenance, payroll management, finance, and IT vendors. How secure are they? Vendors on average touch 4.6 devices, such as VPN, firewalls, directories and more. Are you using a third-party security management solution? If you aren’t, it is definitely time to consider the various options available.

You update your servers and firewalls, and you monitor your security perimeters, but how often do your vendors? Do you know what version of the system they are using, or whether it is in compliance with the industry standard? These are questions you must be asking your vendors. Since these vendors can access your most sensitive data, what are their policies to ensure data integrity and security? Aren’t you curious? If you are not, you should be. And if you are not worried about security from these touchpoints, my friend, I am afraid I only have bad news for you. Gone are the times when you could rest assured that your vendors are safe from cyberthreats. In addition to external sources, your customers, your suppliers, and your vendors are ALL potential cyberthreat gateways.

Why am I talking about third-party security?

Based on a 2018 PwC survey, third parties are estimated to be the source of 19% of security incidents. One in five of your vendors is probably going to cost you money very soon if you are not monitoring their access and activities. Your employees receive emails from vendors all the time; are they secure? You do not discuss money matters, but how secure is your auditor’s portal? Ask these questions often and ask them again. Data breaches can happen at any time, anywhere. Hence, come up with a plan and periodically assess all the information from your third-party security management solution. Never take your security for granted; be proactive.