Third-party vendor management

By: Paul Dusini

We’ve all heard about data breach horror stories like Target’s staggering leak of 40 million customer credit and debit card accounts or Home Depot’s stolen 56 million payment card accounts. Considering the significant damage to a brand’s reputation and financial loss after a security breach of such magnitude, you’d think more companies would take notice and establish a more sophisticated security posture. However, you need to worry about more than just your own system’s security; many of the high profile security breaches that you hear about in the news (Target, Home Depot, Lowe’s – you name it!) have one commonality: they were all attributed to third-party vendors.


What are third-party vendors?

A third-party vendor is any organization outside of your company that provides a product or service and has access to your system. Nowadays, it’s pretty much impossible to find a company that doesn’t utilize third-party vendors. For instance, many companies use electronic billing or payroll services.

Despite the seemingly innocent nature of these strategic partnerships, third-party vendors can make or break your company’s security. Once a vendor has access to your network, they have access to confidential company, customer, and employee information. If your vendor’s network isn’t secure, they put your data at risk, and your company is completely responsible for whatever happens to that data.

In order to avoid data breaches attributed to third-party security, you must perform adequate assessments of your vendors’ security practices. Here’s the problem: many companies that need to perform vendor assessments are unequipped to do so (even companies that must perform assessments for compliance reasons), and need the help of a security company to make sure everything is running smoothly.


Here are 6 reasons why your company needs third-party vendor management services to ensure the security of your data:


1. Data breaches attributed to third-party security are increasing

This fact should be no surprise, seeing as data breaches attributed to vendors are increasingly high-profile news stories. In fact, according to PwC’s Global State of Information Security Survey, the number of security breaches attributed to vendors has increased from 20% to 28% in recent years. Obviously, companies are lacking when it comes to assessing their vendors, and their brand may be paying the price.


2. Third-party assessments take time

This is why many companies need third-party vendor management as a service – they simply don’t have time to perform adequate assessments! Not to mention the fact that many companies have dozens, if not hundreds, of vendors to assess. Security companies provide a worry-free solution by managing your vendors so you can manage your business. This way, your vendor assessments don’t suffer and business goes on as usual.


3. Vendor assessments require expert staff

This point goes hand in hand with the time aspect. Sure, your company may have a couple of information security professionals, but not enough manpower to sufficiently assess all vendors. Unlike accounting or auditing firms that may offer a service similar to vendor management, we have the security knowledge to not only address your compliance and regulatory needs but also to evaluate security risks and implement methods to reduce that risk. Furthermore, experts at security companies have exceptional knowledge and a unique understanding of security tactics that many professionals don’t have. For instance, a professional from a security company may catch something that an information security specialist at your brand may have missed.


4. Security companies help with remediation

So your vendors have been assessed and some security issues have arisen. Now what? Rather than leaving you in the dust to deal with the problems yourself, security companies help with the remediation process of correcting security errors.


5. Security companies are familiar with both regulatory and security needs

Despite the high-level security threats that vendors pose, only 52% of companies have security standards for third parties, according to PwC. Security companies can help fix that. As part of third-party vendor management, security companies can help with creating guidelines that address both security and regulatory requirements for both the client and vendor.


6. Third-party vendor management includes monitoring

Your third parties need to be monitored. Once the initial assessment is complete, security companies continuously check up on your vendors to make sure everything is running smoothly. This will give your company peace of mind knowing that your vendors’ security is under watchful, expert eyes.


Essentially, third-party vendor management alleviates the stress of having to perform lengthy, in-depth evaluations of multiple different vendors. Get with NuHarbor Security to ensure the security of your vendors in the most stress-free way possible.



Information Assurance Manager

Paul Dusini is the Information Assurance Manager for NuHarbor Security. He has more than thirty years of experience helping organizations successfully and safely use information systems to support business goals. He is an experienced CIO and Risk Manager and is certified in security management (CISM) and risk management (CRISC).