Business in the center with links to suppliers and their business connections. Question marks next to all of these connections

Should Your Business Vet Vendors Holding Your Data?

The short answer is “yes, you should”. It is your responsibility to vet all vendors before you provide access to your data. Last month, confidential documents belonging to the law firm, Jones Day, were posted on a public website by a hacking group. The documents were accessed when the law firm’s file transfer vendor, Accellion, was hacked. As a result of a cyber attack on one of their vendors, the law firm has suffered both reputational and financial damage.

Many businesses rely on third party suppliers to provide services such as file sharing, data back up and data storage. Many vendors have strict processes in place, but it is your responsibility to ensure all of your business data is being stored securely and risks have been mitigated, so your data has the highest level of protection against cyber attacks and data breaches, regardless of where it is stored.

Ultimately, if your data is leaked, there will be reputational damage to your brand regardless of whether your own systems were compromised. There could also be financial costs associated with recovering from a data breach, including customer remediation and even ransom demands to prevent hackers from releasing your data.

One effective way to assess a vendor’s processes and controls is through a professional third party security questionnaire. A questionnaire will identify potential weaknesses in your vendor’s information security policies and processes that could result in a data breach leak or other type of cyber attack.

And remember, it is important to set up on-going monitoring to ensure vendors are following agreed processes and fulfilling their obligations in terms of keeping your data safe.

In the event that a vendor does experience a cyber attack and your business is affected, having an incident response and disaster recovery plan in place will help mitigate reputational and financial damage.

More information about the cyber attack on Jones Day’s data can be found here.

Speak to the MAP CyberSecure team today to understand how you can work with vendors to assess and mitigate cyber threats to your business. Contact us at (818) 789 1179.

Share: Share by email
Go to the top of this page.