03 Jun
Vendor Management for IT Security
Did you know that 44% of companies surveyed about significant data breaches reported that the breach was caused by a third-party vendor? A data breach does not only damage customer trust; it also hits your bottom line where it hurts the most. According to the Ponemon Institute and IBM, third-party involvement was one of the five biggest cost drivers, raising the average cost of a breach by more than $370k to $4.29 million.
It’s common for companies to outsource IT functions to third-party vendors. The vendor, however, is typically not under your control and might not be entirely transparent about the security standards it applies to its own operation. Some vendors have excellent security standards; others do not.
Every organization that has hired, or is considering hiring, a third-party vendor needs a risk management strategy. An IT vendor management plan lets you verify, rather than assume, that your data is safe and not at risk of exposure.
So what counts as an IT vendor exactly? – FTI can help you navigate!
The obvious answer is every IT vendor that does business with you, right? Not quite. The rise of IoT and smart building systems has made it harder to determine which vendors are actually relevant to your IT security. Anything that is “connected” in your building can expose you to cyber crime, so vendors that were never considered part of your IT security picture may well be part of it today.
Research from Harvard Business Review and Microsoft found that 60% of successful cyber breaches come through building systems such as VoIP, surveillance recording cameras, business machines, HVAC, and even elevators and other IoT devices. With the growing complexity of building systems, every company needs to adapt its vendor management to keep its data protected.
Taking the first steps
Vendor identification – know your vendors
You might have a decent picture of who your vendors are, but you need to know all of them, and that includes building systems vendors. Keep complete documentation of every vendor so you can properly monitor each relationship.
Risk of each vendor
Understand what each vendor can reach: the data, networks, devices and software accessible to it. A vendor with access to sensitive data is a higher-risk vendor, and so is one with remote or network-level access to your systems, even if it never handles the data directly.
Metrics and controls
Once the risks for each vendor are understood, you can define, together with the vendor, the controls and security metrics the vendor is required to meet. Apply these controls and metrics to all current and new vendors; defining them up front is what lets you measure each vendor’s compliance with your vendor policies.
Follow-up and monitor
Continuously monitor your vendors to make sure they comply with the agreed-upon vendor policy. Every relationship is built on trust, but trust does not replace verification: confirm that the vendor is actually doing what the policy requires.
Frontier Technologies can help
Vendor management within IT is not easy, and when you are running your business it might not even be top of mind. FTI has over 20 years of experience with vendor management and has helped multiple companies secure, streamline and improve their vendor management practices. Asking FTI your questions now, before a problem arises, doesn’t hurt your bottom line and may save you plenty in the long run.
Do you want to learn more about Vendor Management and Building Systems? We are here to help. Contact us today!