Your 2020 IT compliance plan cannot stop at your own servers and systems. You also have to check, and double-check, that the vendors downstream of you are as digitally diligent as you are. You have spent thousands of dollars and countless hours training your employees on IT security best practices. Everyone from the C-suite to the bookkeeper’s assistant knows how to spot a scammer and a spammer. Your firewalls are in place, and your staff can recognize the phishing schemes that target your sensitive data. So you can relax, right? Probably not.
According to ImageQuest’s IT compliance experts in Bowling Green, if you allow vendors or any other third party to access your digital assets, their weaknesses become your vulnerabilities.
What is a downstream vendor?
A downstream vendor is any person or entity that provides services to you. Your internet provider, your outside billing firm, and even the technicians who maintain your building are all part of your vendor network. Unfortunately, these service providers can be the back door through which cybercriminals reach your information. Target’s 2013 data breach is a well-known example. The retailer had given a heating and air-conditioning contractor remote access to its network, reportedly for monitoring energy consumption, a common cost-saving measure. Attackers stole that contractor’s network credentials, used them to get into Target’s network, and from there installed malware on the systems that handled payment card data.
About ten hours’ drive east of Bowling Green sits another cautionary example, and a name most local people know: Capital One. The bank, which has been described as a technology company that happens to offer financial services, suffered a high-profile breach in 2019 when customer data stored in Amazon’s cloud service was compromised. Amazon maintains that its own systems worked as intended, while many observers suspect it shares the responsibility. Either way, it is a clear example of how even the most technologically advanced companies have to keep a close watch on their vendors and on the way they use them.
Retail and financial companies are not the only ones at risk. Every business can benefit from reviewing both its own security and that of its vendors. Companies that hold valuable intellectual property or collect personally identifiable information may already be feeling pressure from regulators to revamp their IT compliance strategy. We receive many calls from Bowling Green businesses asking how quickly a vendor management plan can be put in place. The answer depends on the business: how many vendors it has, whether those vendors in turn allow their own service providers to access your systems, and what type of information needs protecting.
For a business to be diligent about IT compliance, it must begin by evaluating its risk. That starts with determining how critical each vendor’s services are and how much access each vendor has to internal data and IT systems. A vendor management plan records this and related information so that business leaders can make an informed decision about the security measures appropriate to each vendor. What counts as appropriate depends in part on the industry and its regulations, and in some sectors businesses that do not prioritize IT compliance can face penalties. Companies in Bowling Green and the surrounding area that need help building a vendor evaluation can contact ImageQuest for more information.
When Your Business Is The Vendor
If your business provides services to other businesses, you are a downstream vendor too. That is reason enough to be diligent about your own IT compliance and IT security measures. Companies in the medical and financial sectors, among many others, are required to use only vendors that agree in writing to apply appropriate safeguards when handling sensitive information such as electronic health records. You may be asked to complete a vendor evaluation that details your current security procedures, and if you do not have documented procedures, you are at high risk of losing those customers. If you are in Bowling Green, ImageQuest can help you prepare for this review and ensure that you are not the weak link in your clients’ processes.
ImageQuest provides IT security and IT compliance for companies in Bowling Green, Nashville, and everywhere in between. For more information contact us today at 888.979.2679.