Imagine that your organization must consult an attorney on a minor legal matter. You may have a firm that you have used in the past, or you may ask your network for a referral.
You schedule an initial consultation, and the firm’s expertise, experience, and fee structure align with your needs. But what about their cybersecurity? Could retaining this firm lead to a data breach?
We don’t know the vetting process that Modelez Global used when choosing the Bryan Cave Leighton Paisner LLP law firm. We know that confidential employee data was accessed via the law firm, and Modelez had to report the breach to the Attorney General and will need to provide credit monitoring to the affected parties and prepare for a class-action lawsuit.
We were also involved in a third-party vendor audit highlighting the importance of validating responses to the standard security questionnaires.
Think about all of the vendors that may have copies of your data or access to your network. Outsourced payroll and HR, marketing, outsourced developers, accountants, or technology support. Are you confident that their cybersecurity is at least as strong as your own? If not, we can help.