Accounting, project management, HR—you name it, you can (and probably do) use a software solution to manage it. All businesses rely to some extent on third-party vendors, and share a lot of sensitive data with them. If one of these companies experiences an incident or gets breached, your information could be compromised, corrupted, or stolen.
Additionally, there can be legal considerations as you’re often signing a contract or agreeing to terms of service with vendors. So, it’s important evaluate how they protect (or don’t protect) your data as a part of your vendor selection process and due diligence.
? For more on how vendors’ cybersecurity can impact Small Business and related legal considerations, listen to Episode 4 of The Hilt, Defendify’s new podcast, featuring Sid Bose, multi-faceted attorney focused on cybersecurity and more.
Part of being a security-minded provider and thought leader is thinking beyond your company. Here are three steps to help you and your customers evaluate potential vendors’ cybersecurity.
1. Explore Documentation
A cybersecurity-conscious company will likely have a security section on their website or prepared documentation that can be made available. Take some time to read the details, as well as any available terms of service, to see if you’re comfortable with their practices. If they don’t have information online and can’t provide it upon request, it might indicate that security isn’t a priority.
You can also look online for previous incidents. A past data breach doesn’t necessarily mean poor security—many companies use an incident as an opportunity to learn and improve. But a pattern of breaches or unaddressed security issues may indicate a bigger problem.
2. Ask the Right Questions
Next, you can begin to dig into specifics that are important to your business. For example, you might ask:
- Does your product offer security features such as two-factor authentication (2FA) and encryption? If not, are they on your product roadmap?
- Do you train your employees on cybersecurity?
- How often do you test your systems?
- Does your company have an Incident Response Plan?
Don’t feel like you need to grill them: your goal should be to get an idea of their attitude towards cybersecurity and learn what features might exist. Any company worth working with should be happy to answer your questions—after all, they want your business!
3. Evaluate and Decide
Once you’ve gathered some details, it’s time to make an informed decision. Take security into account along with other product features, service, responsiveness, and pricing to select the vendor that best fits.
Ultimately, you may decide for business reasons, or have no choice but to work with a vendor that doesn’t check all your boxes in terms of security. Just remember to keep best practices in mind and take any available steps to secure your account. And don’t be afraid to submit feature requests for security-related items!
It’s tough to learn everything about a vendors’ security before working with them, but a little evaluation can go a long way in helping select vendors that align with your cybersecurity-first approach.
Your Friends @ Defendify