Are Third-Party Vendors the Weakest Link in your Cyber Security Chain?

Posted by

So, you’ve invested in a top-rate data security system, and hired the best CISO (Chief Information Security Officer) imaginable, but have you ever audited the security of the computers used by your attorneys and accountants…to whom you disclose your company’s most confidential and sensitive information? Well, you should.

As recently reported in the Wall Street Journal, today’s largest financial institutions are now putting law firms to the test when it comes to the security of the information provided to their attorneys. And, rightly so, as most lawyers and other third-party professionals are not in the business of cyber security.  See Articles One and Two.

Businesses should not be wary of holding their third-party vendors to the highest standard when it comes to cyber security, and it would not be the first time that the marketplace has led the way in safeguarding valuable data. As medical professionals are well aware, HIPAA’s requirements do not end at the hospital or office door, but follow the protected information wherever it goes. When the lawyers implemented additional protections for health-related information, it was not out of love for federal regulations, but for their bottom line. Remember, the best financial incentive that will persuade third-party vendors to upgrade their IT systems is the risk of losing your business…