If your organization is working with outside companies to supply you with the services and materials you need to run your business, the security of those vendors directly affects your own security. Each new vendor you work with is a new way in for cyber criminals. The same goes if you are the supplier. While you may not have as much control over vendor security, there are a few steps you can take to keep your supply chain safe.
When working with an outside vendor, it’s important to understand what their privacy and security practices are. You need to know what every supplier is doing to protect your data. If they aren’t private or secure enough for your own standards, they might not be the right vendor for you.
There are three steps you can take to ensure vendor compliance with your security standards:
- Communicate: Let them know your policies and expectations for their privacy practices. A great way to communicate is by writing expectations directly into your contract with them.
- Audit: You could count on them to follow your expectations, but it’s better to be on the safe side and check up on them, especially if you’ve asked for something outside of their regular procedure. Auditing also shows your vendors that you take your privacy and security seriously.
- Enforce: If your vendors don’t meet expectations, respond and enforce. If terms were written into the contract, pursuing breach of contract might be in order. Even if terms were not laid out in a contract, it’s time to shop for a new vendor.
Protect your supply chain
Securing your supply chain means applying the same logic to suppliers as you apply to your own organization. Each supplier needs to be practicing an acceptable level of security so there are no weak links. You don’t want to be the weak link for those you supply.
Understand who has access to what data, how they are accessing it and what is being done with it. Don’t open doors that don’t need to be open, whether by allowing unnecessary personnel to access vendor data or by allowing them to access yours. Further, multifactor authentication trumps just passwords when it comes to accessing data.
Keeping tabs on the data
Protect your data; make sure it’s being stored in a safe location. Keep the data at your own data center, not on hard drives where it can be more easily stolen. Make sure your machines are clean, have up-to-date firewalls and spam filters, and are updated regularly.
Data breaches are not only embarrassing, but they cost money and reputation too. If you work in a silo, you only have to worry about protecting yourself, but when you work with others that changes. Understanding how to protect yourself and to protect your customers will not only keep you safe, but keep your customers trusting you. You don’t want to be the weakest link, and you don’t want to work with any weak links either.