Reading:
Third Party companies may be your biggest security risk
Share:
third party security risks

Third Party companies may be your biggest security risk

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

A large number of security risks are caused by third party vendors.

As we saw with the recent Debenhams Flowers cyber-attack, using a third party company or service provider can leave your network vulnerable to security breaches. Whilst your company could have top of the line security measures put in place, the company that handles your packaging and shipping, or the company who processes customer purchases, may have weak to non-existent security measures.

This is a clear risk.

Chief scientist at security provider Agari, Markus Jakobsson, says:

“…not only does each vendor create a new entry point into an organization’s network for cyber criminals to exploit, but it also means every employee for that vendor is now a potential target to breach your brand. Unfortunately, the only way to ensure your company is not exposed to greater risks is by keeping everything in-house. But in today’s digital world, this isn’t a reality.”

Lacking in resources

Companies who don’t have the resources to conduct certain activities in-house might out-source them to another third party provider who already have the necessary equipment to complete the tasks. However, in this digitally centred world, in order for a vendor to carry out their work, they often need access to the company’s servers.

As an example, a vendor like DHL (courier service) may need access to a company’s customer database to see which address they are delivering certain goods to. However, once the vendor is allowed access to the server, it may potentially leave the company vulnerable to attacks. If you have a building on lockdown but provide a key to a third party to get in through a side door, how do you know they’ve locked the door behind them?

Third parties need to ramp up security

Third parties are used by a large majority of companies, but their security risks are not always properly scrutinised. In trusting vendors with data that could compromise the company itself, as well as their consumers’ sensitive data, companies need to ensure their vendors can handle the data securely. Whilst companies may not be the ones in control over their vendors’ security measures, they cannot simply shirk all the blame if a breach happens. As with the Debenhams data breach, customers looked to Debenhams to take responsibility for the attack; not the vendor.

Some security experts say companies have a responsibility to properly vet their vendors to ensure their security is on par. From then on, companies should regularly check to ensure their security is still intact. Others say companies must assume their vendors have already been breached, and a high tech detection and response system needs to be in place to stop a breach from affecting the companies.

Companies should ensure third parties are protected

Soha Systems, innovator of Enterprise Secure Access, found that 63% of all data breaches on a company’s server came from attacking a third party. Whilst they may no doubt be essential to a business, companies need to do more to ensure they are not at risk of a security hole. A lack of security protocol may mean the vendor doesn’t know if there are certain security procedures they should be following.

SecZetta, a company dedicated to identifying security risks and providing lifecycle solutions, has often blogged about the issue. In one post  they warn that:

“…the increased reliance on third-party employees, coupled with the growing sophistication of hackers, has led to the current identity and access management crisis that most businesses are faced with today – whether they realize it or not.”

Unfortunately for security, companies usually involve third party vendors to save resources; to reduce costs and even for a ‘quick fix’ for temporary tasks. This means that the last thing they want to do is invest more money and time into making sure their vendors are compliant with security protocols.

Resources needed for security management may end up using the money saved from using vendors in the first place. Companies clearly have an essential responsibility to balance the delicate scales for managing both third party vendors who save them resources, and using enough resources to invest in robust security.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon