Third-Party Data Breaches: Weakest Link in Cybersecurity featured image

Third-Party Data Breaches: Weakest Link in Cybersecurity

by John DiGiacomo

Partner

Data Breach

One problem that many companies discover as they develop cybersecurity measures is that third-party data breaches is the weakest link in its data management chain. Many companies find it a business necessity to outsource some, if not all, data management, storage, and processing activities to third-party vendors. These vendors may include cloud hosting companies and other software as a service providers. Putting your company’s valuable data into the hands of a third party carries some risk, especially concerning the security of that data. Your company could have the most sophisticated cybersecurity protections in place to protect data, but if your third-party vendor has a lax attitude about cybersecurity, then your data could be at risk of being exposed in a data breach.

Third-Party Data Breaches are Serious Threat to Business Cybersecurity

It is not uncommon for hackers to gain access to businesses through third-party vendors and to compromise data. A business might have its own cyber security protections in place, but must grant access to third parties. When network access spans outward from the business to third parties, it creates a potential weakness in the security of a network. Third party vendors make for good entry access points to company computer networks because for every link in the chain of access to the company’s computer network there is an increased likelihood of a vulnerability in the cybersecurity measures that protect the network, which can be exploited.

According to Soha Systems Survey on Third Party Risk Management, 63% of all data breaches are linked in some way to third parties such as contractors, suppliers, or vendors that have access to a business’ system. Businesses are responsible for the data that they collect, transmit, use, and process, even if it is entrusted to a third-party vendor.

How Can Businesses Make Cybersecurity a Top Priority for Third-Party Vendors?

One way that a business can make cybersecurity a top priority for third-party vendors is through the use of a business agreement with the vendor. When hiring a third-party vendor, businesses can benefit from negotiating a contract with the vendor that specifically details the types of security measures and safeguards that the third-party vendor must use when handling data for the business. For instance, business can:

  • Utilizes a service-level agreement. This can be helpful in providing specific measures of security performance that the vendor must produce or provide.
  • Request that the vendor perform periodic security assessments on its systems.
  • Require an audit clause to be included in the agreement. This could enable the business to verify the third party vendor’s compliance with specific security protocols by way of an independent security audit.
  • Limit the third party vendor’s access to the business’s network. Only grant access to what the vendor needs to do its job and no more.

Having a business contract with the third-party vendor makes cybersecurity a priority for that company. The business can help mitigate risk associated with working with a third party. Third-party vendors need to know that their clients take cybersecurity seriously, so that they will take it seriously as well.   

Businesses are constantly facing new challenges concerning cybersecurity and third-party data breaches. Taking steps to protect your business by making security a priority for your vendors is a great first step to mitigating some of your business’s cybersecurity risk.

Our data breach attorneys can assess your current risk profile, or in the case of a data breach, help with notification compliance. Contact us using the form on this page or call us at 855-473-8474.

Image credit to Flickr user Blue Coat Photos.

Editor’s note: this post was originally published in December, 2016. It has been updated for content and clarity.

 

Extra, Extra!
Recent Posts

Worrying About SaaS Agreements and Cross-Border Data Transfers

Worrying About SaaS Agreements and Cross-Border Data Transfers

Internet Law

When your business is contemplating a software-as-a-service (“SaaS”) agreement, there are a large number of considerations. An SaaS agreement is, of course, a subscription service where a software package is centrally hosted and accessed by a SaaS company’s customers. Issues to be aware of include: As important as the foregoing issues are, one often overlooked […]

Read more about Worrying About SaaS Agreements and Cross-Border Data Transfers

FAQs About Legal Services for Social Media Influencers, Bloggers, and Online Content Creators

FAQs About Legal Services for Social Media Influencers, Bloggers, and Online Content Creators

Internet Law

If you are serious about your career as a social media influencer, blogger, and/or online content creator, you ARE going to need legal services at some point. Online creation is big business now, and big business means the need for legal services. The Internet and Social Media Attorneys at Revision Legal are here to help. […]

Read more about FAQs About Legal Services for Social Media Influencers, Bloggers, and Online Content Creators

Take it Down Act: Ban on “Revenge Porn” Goes National

Take it Down Act: Ban on “Revenge Porn” Goes National

Internet Law

Congress recently passed the Take It Down Act (“TIDA”), and the law was signed by the President in mid-May 2025. See AP media report here. Interestingly enough, “Take It Down” is an acronym for “Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act.” TIDA prohibits what is commonly called “revenge […]

Read more about Take it Down Act: Ban on “Revenge Porn” Goes National

Put Revision Legal on your side

Let's Discuss Your Case