Third-Party Data Breaches: Weakest Link in Cybersecurity

by John DiGiacomo

Partner

Data Breach

One problem that many companies discover as they develop cybersecurity measures is that third-party data breaches are the weakest link in their data management chain. Many companies find it a business necessity to outsource some, if not all, data management, storage, and processing activities to third-party vendors. These vendors may include cloud hosting companies and other software-as-a-service providers. Putting your company’s valuable data into the hands of a third party carries some risk, especially concerning the security of that data. Your company could have the most sophisticated cybersecurity protections in place, but if your third-party vendor has a lax attitude about cybersecurity, then your data could be at risk of being exposed in a data breach.

Third-Party Data Breaches Are a Serious Threat to Business Cybersecurity

It is not uncommon for hackers to gain access to businesses through third-party vendors and to compromise data. A business might have its own cybersecurity protections in place, but must still grant access to third parties. When network access extends outward from the business to third parties, it creates a potential weakness in the security of the network. Third-party vendors make good entry points to company computer networks because every link in the chain of access to the company’s network increases the likelihood of an exploitable vulnerability in the cybersecurity measures that protect it.

According to the Soha Systems Survey on Third Party Risk Management, 63% of all data breaches are linked in some way to third parties such as contractors, suppliers, or vendors that have access to a business’s system. Businesses are responsible for the data that they collect, transmit, use, and process, even if it is entrusted to a third-party vendor.

How Can Businesses Make Cybersecurity a Top Priority for Third-Party Vendors?

One way that a business can make cybersecurity a top priority for third-party vendors is through the use of a business agreement with the vendor. When hiring a third-party vendor, businesses can benefit from negotiating a contract with the vendor that specifically details the types of security measures and safeguards that the third-party vendor must use when handling data for the business. For instance, a business can:

  • Utilize a service-level agreement. This can be helpful in providing specific measures of security performance that the vendor must produce or provide.
  • Request that the vendor perform periodic security assessments on its systems.
  • Require an audit clause to be included in the agreement. This could enable the business to verify the third-party vendor’s compliance with specific security protocols by way of an independent security audit.
  • Limit the third-party vendor’s access to the business’s network. Only grant access to what the vendor needs to do its job and no more.

Having a business contract with the third-party vendor makes cybersecurity a priority for that company. The business can help mitigate the risk associated with working with a third party. Third-party vendors need to know that their clients take cybersecurity seriously, so that they will take it seriously as well.

Businesses are constantly facing new challenges concerning cybersecurity and third-party data breaches. Taking steps to protect your business by making security a priority for your vendors is a great first step to mitigating some of your business’s cybersecurity risk.

Our data breach attorneys can assess your current risk profile, or in the case of a data breach, help with notification compliance. Contact us using the form on this page or call us at 855-473-8474.

Image credit to Flickr user Blue Coat Photos.

Editor’s note: this post was originally published in December, 2016. It has been updated for content and clarity.

 
