Author: Bea Ewing
Date: February 22, 2018
Are Your Vendors Putting You at Risk?

There are numerous security risks that come from giving third-party vendors access to your network and data. According to the Ponemon Institute, 49% of companies had a data breach caused by a third-party vendor. In fact, hackers themselves admit that contractors are often their primary target. Some of the most devastating breaches in the past few years have been rooted in this fact.

Every business enters into contracts with third parties such as payroll providers, HVAC contractors, and IT companies. Those companies may have a connection to your network, or they may hold sensitive personal information on your employees or customers. If any of those vendors are compromised, hackers could use the third party to gain access to your network. Or if the vendor holds personal information, hackers could steal that data and sell it to others. And those affected by the breach—customers, banks, and the government—will come after you, because it was your data.

Certain compliance standards mandate that vendors and associated business partners maintain the same security policy measures as you, the core business. But it isn’t just about adhering to mandatory restrictions; it is about businesses taking responsibility and putting an emphasis on security. There is little point in your company having extensive protection measures for handling customer data if, once that data reaches your vendor’s system, it is open to simple phishing breaches.

The costs of responding to a data breach include notifying customers, providing credit monitoring services, IT fixes, lawsuits and fines. For large companies such as Target, these costs run into the tens of millions of dollars. Even small or medium-sized businesses find that responding to a breach can easily exceed $50,000, not to mention lost business, damage to your reputation, and potential lawsuits or government enforcement actions.

If one of your vendors suffers a data breach that affects your company, your customers, or your employees, who will cover the costs associated with responding to the breach? You may be forced to if your vendor agreement does not spell out who is responsible for these costs. If you consider suing your vendor, it may be very difficult to win such a lawsuit without clear contract language.

Third-party vendor management, like all business, is about relationships: creating them, building them, maintaining them, and making sure they are mutually beneficial. Security is an inherent feature of a healthy relationship and should be a main focus when working with any vendor. This is accomplished by having a strong and effective process for ongoing vendor management that starts long before the contract is signed. By performing due diligence up front, you will have a better understanding of your vendor’s security posture and be able to ensure that their controls are at least as strong as yours and meet your security requirements.
