Your Cybersecurity Is Only as Good as Your Vendors'

In-House Straight, Corporate Counsel

As the number of cybersecurity breaches continues to rise, The New York Times is reporting that major corporations are requiring their law firms to increase security and then prove they did so.

Aditi Mukherji on FindLaw’s Free Enterprise suggests that small business owners should consider adopting this same tactic, especially with vendors. Mukherji reminds readers that the Target hackers breached the chain's security systems by using electronic credentials stolen from a vendor, and adds that such breaches also put the company and its owner at risk of legal liability.

Requiring a vendor to show proof of cybersecurity is one way to hold the vendor accountable, says Mukherji, as well as to ensure reliability and consistency in overall online security efforts.

Here are some practices Mukherji says must be addressed immediately:

  • Distribution: Be sure the vendor isn’t putting sensitive files on portable thumb drives or emailing documents to unsecured iPads.
  • Networks: Find out if vendor computers are linked to a shared network in countries like China or Russia, where hacking is prevalent.
  • Access: Determine how many people have access to sensitive information; the greater the number, the bigger the risk.

Proof of vendor cybersecurity should be one facet of a larger security plan that extends to other business relations, Mukherji advises.

Website Note, 16 April 2014

With the Heartbleed OpenSSL issue, many vendors are now scrambling to tell their users that they are safe from the Heartbleed exposure.