Download/Print PDF Take the Quiz
Our Business Vendors May Have Access to Sensitive Information.
Make sure those vendors are securing their own computers and networks. For example, what if your accountant, who has all your 铿乶ancial data, loses his laptop? Or a vendor whose network is connected to yours gets hacked? The result: your business data and your customers鈥 personal information may end up in the wrong hands 鈥 putting your business and your customers at risk.
How To Monitor Your Vendors
Put it in writing
Include provisions for security in your vendor contracts, like a plan to evaluate and update security controls, since threats change. Make the security provisions that are critical to your company non-negotiable.
Verify compliance
Establish processes so you can con铿乺m that vendors follow your rules. Don鈥檛 just take their word for it.
Make changes as needed
Cybersecurity threats change rapidly. Make sure your vendors keep their security up to date.
How To Protect Your Business
Control access
Put controls on databases with sensitive information. Limit access to a need-to-know basis, and only for the amount of time a vendor needs to do a job.
Safeguard your data
Use properly con铿乬ured, strong encryption. This protects sensitive information as it鈥檚 transferred and stored.
Secure your network
Require strong passwords: at least 12 characters with a mix of numbers, symbols, and both capital and lowercase letters. Never reuse passwords, don鈥檛 share them, and limit the number of unsuccessful log-in attempts to limit password-guessing attacks.
Use multi-factor authentication
This makes vendors take additional steps beyond logging in with a password to access your network 鈥 like a temporary code on a smartphone or a key that鈥檚 inserted into a computer.
What To Do If a Vendor Has a Security Breach
Contact the authorities
Report the attack right away to your local police department. If they鈥檙e not familiar with investigating information compromises, contact your local FBI office.
Confirm the vendor has a fix
Make sure that the vendor 铿亁es the vulnerabilities and ensures that your information will be safe going forward, if your business decides to continue using the vendor.
Notify customers
If your data or personal information was compromised, make sure you notify the affected parties 鈥 they could be at risk of identity theft. Find information on how to do that at Data Breach Response: A Guide for Business. Find it at FTC.gov/DataBreach..