
When It Comes to Information Security, Are Your Vendors as Concerned as You Are?

September 29, 2021 Dalene Bartholomew, CFE, CIFI, VP


Few businesses want or need to do everything themselves. Many organizations rely on UPS and DHL for shipping. Payroll processors are efficient partners for human resources teams. Marketing consultants can be faster and cheaper than in-house staff. But here’s the challenge: many of these partnerships require you to share confidential information like customer, sales, and employee data. Some arrangements give third parties access to your systems.

According to an industry survey, more than half of organizations have experienced a data breach caused by a third party. The costs can be huge.

  • According to BigCommerce, the average cost of a data breach in 2020 for big businesses was more than $150 million
  • The average cost of a data breach was $3.92 million in 2019, according to the experts at IBM Corporation
  • Email compromises alone cost on average $24,439 per case, as reported by Verizon's 2019 findings
  • Nearly 64% of organizations experiencing a data breach reported that the breach was in some way related to a vendor relationship

Formal audits of vendor information security reduce risk

Implementing security safeguards is a top priority. Every company’s Information Security team should have a vendor risk management plan. The plan can substantially reduce your company’s risk and can include:

  • Evaluating the data security of vendors on five criteria: privacy, security, confidentiality, availability, and data integrity   
  • Vendor compliance with clearly defined information security policies 
  • Ensuring vendors adhere to HIPAA security and data privacy standards, when relevant
  • An incident response plan that includes written procedures for managing a vendor-related data breach 
  • Monitoring of your vendors’ cybersecurity, including regular audits 
  • Copies of vendors’ information security policies and procedures

Ultimately, your vendors must have strong, tested, enterprise-level security. Choose companies that take their responsibilities as stewards of your data seriously. Make sure their information security practices make the grade – before you entrust any company with your business. 

 

DALENE BARTHOLOMEW, CFE, CIFI

Dalene Bartholomew is a Certified Insurance Fraud Investigator, Certified Fraud Examiner, and Vice President of VRC Investigations. She enjoys building long-term strategic partnerships with insurance carriers, employers and TPAs and providing innovative insurance fraud solutions and fraud abatement programs resulting in hundreds of insurance fraud prosecutions nationwide. A forward-thinking senior executive with a 20-year record of success combatting all lines of insurance fraud, she was awarded “Fraud Fighter of the Year” by the Anti-Fraud Alliance. She is a recognized speaker, author, insurance fraud specialist, expert witness, fraud advisory board member, and wine enthusiast. DaleneB@VRCinvestigations.com
