415 IT Blog
Companies Need to Keep Their Vendors’ Security In Mind
Data breaches have a tendency to destabilize relationships. With so many data-related problems befalling businesses nowadays, it is important that each side of every data-driven relationship understands their role in the protection of other organizations’ data. Today, we’ll take a look at the issue and how to determine if your partners are putting in the effort required to keep your data secure.
Are Your Vendors Properly Protecting Your Information?
We’ve seen businesses have a litany of challenges protecting their sensitive data over the past several years, and as threats get more sophisticated it poses more problems. Additionally, many businesses outsource a fair amount of their operational and support efforts and that can have a negative effect on their security.
So, how do you know that your vendors are protecting your information?
You ask them, of course.
Before you onboard any new vendor, you should come up with a questionnaire that asks the right questions about how they handle their own cybersecurity, and more specifically (and importantly) how they go about handling your information.
At 415 IT, we do this for all of our clients to ensure that they are partnering with reliable companies that, at the very least, are attempting to do the right things to protect sensitive information.
Questions You Should Ask Your Vendors
The first thing you should consider when making up some questions to ask your vendors about security is: do you understand the answers? If you don’t know what you are doing, you could just assume any thoughtfully answered response would be sufficient. This is far from true and is a liability, especially in trying to ascertain what risk your business is facing by doing business with a company. We can’t stress enough that if you don’t have someone that knows what they are doing, you need to find someone, as this will serve you much better in times like this.
Let’s go through a couple of important questions you should ask if you do have the competence available to sufficiently measure risk from the answers:
- Do you collect, store, or transmit personally identifiable information (PII)?
- If so, do you store your PII onsite or in the cloud?
- How do you provide users access to the PII you store?
- Can PII be accessed remotely?
- Do you constantly monitor all services, systems, and networks?
- What regulatory bodies does your business operate under? Do you have proof of compliance?
- What kind of encryption do you use for data-at-rest? Data-in-transit?
- Do you consistently patch your software?
- Do you have mobile device management and IoT management systems?
- Do you utilize legacy systems that aren’t supported by manufacturers?
- What cybersecurity tools do you use?
- Do you have language in your agreements about vendor cybersecurity?
- How are your continuity systems?
- How would you go about the situation in the event of a data breach?
- What authentication procedures do you use?
- Do you train your employees on the best practices of cybersecurity?
There are many more questions you can ask, and you should ask them if you find them necessary. Vetting your vendors is a great way to know if they have your best interests in mind.
If you would like to partner with a company that not only has your best interests in mind, but also can help you ascertain if your other partners do as well, give 415 IT a call at (415) 295-4898 today.
Comments