Preventing Data Breaches: Why Third-Party Vendors Need To Be Certified
By Brian Wallace
July 3, 2017 • Fact checked by Dumb Little Man
Data breaches are always in the news.
That place you went for tacos last week got breached and now you need a new debit card. Your favorite department store was breached during the holidays last year and you’d already gotten a new debit card after that. Even your cousin’s home-based business was breached and her essential oil empire is now in jeopardy.
It’s scary enough as a consumer. And if you own a business, data breaches can be downright terrifying. It’s not just an inconvenience for a business. Data breaches can cost millions of dollars to clean up and your company’s reputation may never fully recover.
But where do all these data breaches come from, anyway?
As it turns out, 63% of data breaches are caused by the lax security procedures of third-party vendors who may not be trained to handle your company’s sensitive information. That’s right. Your data breach may not even be your fault, but you’d better believe you’re the one who will have to pay to clean it up.
Take, for example, the healthcare industry. It is one of the most expensive industries in which to clean up a data breach, with costs clocking in at an average of $355 per record breached. That’s compared to an average of $158 across all industries. The data handled by healthcare businesses is more sensitive and more protected, and there are some pretty complicated laws surrounding its handling.
This includes the following:
- Data privacy and security are guaranteed to patients by law
- Potential data breaches are required by law to be handled as data breaches until proven otherwise
- All businesses that have access to privileged health information are required by law to be compliant with HIPAA
- Verifying HIPAA compliance of your third-party vendors is up to you
If you own a medical practice and you hire someone to send out appointment reminder cards, you’d better be sure they are HITRUST-certified for HIPAA compliance. Don’t just trust their claims of being HIPAA-compliant. Remember, a data breach can shut a small medical practice down altogether. Make sure your contractors are certified to handle the information you are sharing with them so you can lessen your risk.
In other industries, data breaches aren’t as costly to handle, but they are still just as serious. On average, public sector records are the least expensive to clean up, clocking in at $80 per record breached. But reputational damage can still impact your company for years to come, if you survive that long.
Since data breaches can be so costly (the average in 2016 was $4 million), the easiest way to stop them in their tracks is to ensure that your third-party vendors are certified to handle any sensitive data your company has. Anything from your HVAC company to the company that supplies your printers can be the weakest link in your information security plan.
A good information security plan will do the following:
- Utilize security tech tools within your organization to protect your data
- Train employees on proper password hygiene and data handling procedures
- Only work with vendors who are certified to handle the type of data your company uses
- Have protocols in place for what data outsiders can access and keep other data separate
When you own a business, third-party contractors are your lifeline. You can outsource your payroll, billing, mailers and printing so you can spend more time on growing your business. As long as you follow strict guidelines on who your company will work with and what they will have access to, leaning on third-party vendors for support can help your business grow and thrive.
Cyber thieves are always lying in wait for you to leave even the tiniest opening into your company’s sensitive data. Preventing them from gaining access is crucial to your long-term success in your field. Customers won’t want to do business with you after even one data breach, so it’s up to you to close all the gaps. Learn more about preventing data breaches from this infographic!
Source: United-Mail.com
Brian Wallace is the Founder and President of NowSourcing, an industry leading infographic design agency based in Louisville, KY and Cincinnati, OH which works with companies that range from startups to Fortune 500s. Brian also runs #LinkedInLocal events nationwide, and hosts the Next Action Podcast. Brian has been named a Google Small Business Advisor for 2016-present and joined the SXSW Advisory Board in 2019.