Don’t Let Vendors Cost You Millions

If your vendors aren't doing due diligence, you're screwed.


Insight from Diana Ramos

You can do all the due diligence in the world, but if your vendors aren't doing the same, you're screwed.

American Express just had this happen in March when the security of one of their third-party vendors was breached. Between January and March this year, they reported 16 data breaches.

Failures like these don't just piss off customers and stakeholders; they're expensive. The average data breach costs companies $4.4 million.

The best way to prevent this from happening? Vendor-risk assessments, the process of identifying and evaluating potential risks a vendor might pose to your business.

These assessments aren't sexy, but they're necessary (like that zinc sunscreen that Zuck rolls up to the lake with).

If you need a place to start, here are three key questions to ask the vendors you’re planning on working with:

  1. "What is your data security policy?" Do they hold certifications or attestations that match your industry and geographical regulations (e.g. PCI DSS, ISO, HIPAA, GDPR)? How is access to your data controlled?

  2. "Do you have security incident and breach management practices in place?" What happens if something goes wrong? Do their systems identify issues as soon as they arise? Are they having third-party security audits performed regularly?

  3. "Do you have liability insurance?" Can they cover damages if everything goes to hell? Review their certificate: is it current? It pays to get a legal review of this.

Third-party partner infrastructure breaches increased 68% over the past year.

Don’t be like T-Mobile and lose $350 million in customer payouts (and then have another two breaches a year later). Ask the right questions, and cover your you-know-what.
