Vendors and Your Business: Ensuring Security in the Supply Chain


Your business vendors may have access to sensitive information, such as your financial data or customer details. But what happens if your accountant loses their laptop, or a vendor connected to your network gets hacked? The result could be devastating: your business data and customers’ personal information could fall into the wrong hands, putting both your business and customers at risk.

How to MONITOR your vendors

1. Put It in Writing

  • Make sure your contracts with vendors include specific security provisions. This should cover a plan for evaluating and updating security controls regularly to account for evolving threats. For critical security measures, be clear that they are non-negotiable.

2. Verify Compliance

  • Don’t rely solely on your vendors’ assurances. Set up processes to regularly verify that they are following your security requirements. Trust but verify.

3. Stay Adaptable

  • Cybersecurity threats are constantly changing. Ensure your vendors are keeping their systems up to date and are adapting to new security challenges as they arise.


How to PROTECT your business

1. Control Access

  • Limit access to databases containing sensitive information to a need-to-know basis. Ensure vendors only have access to your data for the time necessary to complete their tasks.

2. Use Multi-Factor Authentication (MFA)

  • Require multi-factor authentication for vendors accessing your network. This adds a layer of protection beyond passwords, like entering a temporary code from their smartphone or using a physical key.


3. Secure Your Network

  • Enforce strong password policies: passwords should be at least 12 characters long, combining numbers, symbols, and both upper- and lowercase letters.


  • Make sure passwords are unique, not shared, and limit the number of failed login attempts to protect against password-guessing attacks.

4. Safeguard Your Data

  • Use strong encryption to protect sensitive data as it’s stored or transferred. Proper encryption ensures that even if information is intercepted, it can’t be read without authorization.
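
One way to check vendor accounts against the access rules in items 1 to 3 above, as an added example that is not part of the original article: a short Python audit over a constructed inventory of vendor access grants. The field names and sample accounts are assumptions made for illustration.

```python
from datetime import date

# Constructed sample inventory; field names are assumptions for this example.
GRANTS = [
    {"account": "acct-books", "resource": "finance-db", "expires": date(2025, 6, 30),
     "mfa": True, "users": 1, "lockout_after": 5},
    {"account": "hvac-remote", "resource": "building-net", "expires": None,
     "mfa": False, "users": 3, "lockout_after": None},
    {"account": "web-agency", "resource": "customer-db", "expires": date(2025, 1, 15),
     "mfa": True, "users": 1, "lockout_after": 5},
]

def audit(grants, today):
    """Return (account, finding) pairs for every grant that breaks a rule."""
    findings = []
    for g in grants:
        issues = []
        # Control Access: vendor access must be time-limited and not outlive its task.
        if g["expires"] is None:
            issues.append("no expiry date: access is not time-limited")
        elif g["expires"] < today:
            issues.append("expired on %s but still listed as active" % g["expires"])
        # Use MFA: every vendor login must require a second factor.
        if not g["mfa"]:
            issues.append("MFA not required")
        # Secure Your Network: credentials are unique and not shared.
        if g["users"] > 1:
            issues.append("account shared by %d people" % g["users"])
        # Secure Your Network: failed logins must be capped.
        if g["lockout_after"] is None:
            issues.append("no limit on failed login attempts")
        findings.extend((g["account"], issue) for issue in issues)
    return findings

if __name__ == "__main__":
    for account, finding in audit(GRANTS, date(2025, 3, 1)):
        print(f"{account}: {finding}")
```

Run on a schedule against an export from your identity or VPN system, a report like this gives you a concrete list to raise with each vendor at review time.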

What to do if a vendor has a DATA BREACH

1. Contact the Authorities

  • Report the breach immediately to your local law enforcement to get proper support and initiate an investigation.

2. Ensure the Vendor Fixes the Problem

  • Confirm that the vendor has identified and resolved the vulnerabilities that led to the breach. If you continue working with them, ensure they take steps to protect your data going forward.

3. Notify Affected Customers

  • If your data or customer information was compromised in the breach, notify those affected. They may be at risk of identity theft and need to take precautions to protect themselves.

Vendors are an integral part of your business, but they can also be a source of risk. By monitoring their security practices, protecting your data, and having a plan in place for handling breaches, you can safeguard both your business and your customers from potential threats.

Stay tuned, stay secure, and let’s make Cybersecurity Awareness Month count!

*Article inspired by the guide “Cybersecurity for small business” written by the Federal Trade Commission (FTC).

——————–

We at APIS Consulting can help you improve your cybersecurity knowledge and IT security procedures. If you need training, a cybersecurity audit, help strengthening your IT security, or want to outsource it, you can get in touch with us by email at contact@apisconsulting.cn or by adding Antoine on WeChat using the QR code below.


Antoine Pilarczyk founded APIS Consulting in 2021 to help companies in China improve their cybersecurity awareness. He is a certified ISO 27001 Lead Auditor and Lead Implementer.
