Are 3rd Party Companies Leaving You Exposed to Cyber Attacks?

Imagine you’re a small business owner. You’ve been in business for a couple years now and are at the point where you are looking to make the most out of your time. You’re tired of doing tasks that you aren’t good at and don’t drive money into the business. So, you plan on outsourcing these tasks to companies that, frankly, do it better than you do. Once you get them in place, you can focus on what you do best and help drive sales.

But one day, you come into work and found that your network is infected with malware! How could this happen? You’re using enterprise level anti-virus and firewalls. Your employees are educated on threats and are tested periodically. It couldn’t be your company or staff that got your network infected… After consulting with a security researcher, you find out it was a 3rd party company that got your computer network infected. Although they didn’t have access your computers or servers, they brought an infected laptop and connected it to your network which spread the malware.

Although this scenario was only hypothetical, it can happen to any company. If you look at Target, Delta, or Sears, these companies outsourced a function of their business. However, due to those 3rd party companies, a data breach occurred at each company. Although you don’t have control over what another company does for their IT security systems and policies, you have a few things you can do.

What You Can Do

  1. Request a regular audit: Chances are, you’re already regularly monitoring your IT environment and managing updates to hardware and software. However, that doesn’t mean the company to whom you outsource certain functions does the same. Having a yearly or even quarterly audit can bring you insight on what is going on in the 3rd party company’s IT network.
    1. Control connections and data: If your 3rd party company needs access to your network, make sure to include your IT department or Managed Service Provider in the conversation. That way you can make sure the connection is secure and only the data they require is accessible. Ideally you want to isolate what they are doing from your network.
  2. Tracking: Tracking and having reports on what your vendor does can help clear up misunderstandings. It can will also be good to have your IT department or MSP monitor the data vendors touch more closely.

Having a vendor can help take time consuming tasks off your shoulders but also increases the complexity of your environment. Business Data Services can help you plan things out with our CIO sessions. Call Business Data Services today at 913-239-0368 to find out more about our services!

Leave a Reply

Your email address will not be published. Required fields are marked *