I recently blogged about the pervasive nature of data breaches and the particular risks presented to this industry.  Many firms may think that they are secure because they used a vendor to build a secure environment, but history tells us that is not the case. 

Cyber-attacks do not always come from a direct hit; they can also occur when a hacker goes through the systems of the targeted company's third-party vendor.  So why should this matter to you? 

For smaller firms, using third-party vendors to outsource technology can be a cost-effective venture.  Yet using a third party presents particular risks if that vendor itself does not have a secure system. 

When hiring a third-party vendor, it is critical to ask the proper questions regarding the security of the systems that vendor will be using to build your architecture.  You should ask if they have ever been the victim of a cyber-attack.

At the same time, you want to be very careful regarding the wording of your agreement with that vendor.  Among other things, you may want to build into your agreement who is liable for a cyber-attack that comes through a weakness in your vendor’s system.  Although this will not preserve customer relations in the event of a data breach, it will at least help with the financial fallout. 

This is not to suggest that you should not use vendors to help build your technology infrastructure.  Instead, make sure you engage those who have a proven track record of preventing cyber-attacks.  Finally, make sure you are careful when you sign your contracts.  After all, it is your business that you have to protect.
