Could a Vendor Be Your Security Weak Spot?

Imagine that your organization must consult an attorney on a minor legal matter.  You may have a firm that you have used in the past, or you may ask your network for a referral. 

You schedule an initial consultation, and the firm’s expertise, experience, and fee structure align with your needs.  But what about their cybersecurity?  Could retaining this firm lead to a data breach?

We don’t know the vetting process that Modelez Global used when choosing the Bryan Cave Leighton Paisner LLP law firm.  We know that confidential employee data was accessed via the law firm, and Modelez had to report the breach to the Attorney General and will need to provide credit monitoring to the affected parties and prepare for a class-action lawsuit.

We were also involved in a third-party vendor audit highlighting the importance of validating responses to the standard security questionnaires.

Think about all of the vendors that may have copies of your data or access to your network.  Outsourced payroll and HR, marketing, outsourced developers, accountants, or technology support.  Are you confident that their cybersecurity is at least as strong as your own?  If not, we can help.

Sign up for our Newsletter

Receive weekly emails for the latest cybersecurity news

Expand your team with Foresite

Enterprise-level cybersecurity and risk management for mid-sized businesses. Prioritize your security tasks and reduce the complexity of cybersecurity.