Small Business Corner

Share:

Small Business: Vendor Security

Published: February 19, 2019

Not many small businesses do business these days without the services of third-party vendors, some of whom have access to your company’s sensitive information. Even if you run a tight cybersecurity ship, what happens if your accountant loses a laptop or the payroll company that connects to your network experiences a security breach? Your business could be in jeopardy, of course, but that’s not all. Regardless of the circumstances surrounding the vendor’s breach, customers may focus on the fact that they trusted you with the data and now they’re at risk for identity theft.

It’s in your interest to be very interested in how the companies you work with protect personal information. The FTC has new cybersecurity resources for small businesses with tips on keeping tabs on your vendors’ security practices.

HOW TO MONITOR YOUR VENDORS

When you transfer sensitive information to a vendor – whether it’s confidential paperwork or digital data – what steps can you take to help secure it?

Put it in writing. Spell out your security expectations up front and include specific provisions in your contracts about protecting data. If a vendor vacillates, maybe they’re not the right partner for you.

Verify compliance. “Trust, but verify,” as the adage goes. Don’t just take vendors at their word. Establish a process so you can con?rm they’re following your rules.

Make changes as needed. Cyber threats are constantly morphing. Make sure the security methods your vendors use are up to date – and up to your data.

HOW TO PROTECT YOUR BUSINESS

If vendors have access to your network, what can you do to reduce the risk of a mishap?

Control access. Not everybody needs a backstage pass to your company’s sensitive information. When there is a legitimate business need for a certain vendor to have access, grant it on a need-to-know basis and only for the time it takes the vendor to complete the task.

Safeguard your data. Use strong encryption and configure it properly. That helps protects sensitive information as it’s transferred and stored.

Secure your network. Require strong passwords: at least 12 characters, both capital letters and lower-case, and a mix of numbers and symbols. Don’t reuse passwords and don’t share them. To stymie password-guessing software, use tools to limit the number of unsuccessful log-in attempts.

Use multi-factor authentication. Rather than relying just on a password, insist that vendors take an additional step – maybe a temporary code on smartphone or a key inserted into a computer – before accessing your network.

WHAT TO DO IF A VENDOR HAS A SECURITY BREACH

Contact the authorities. Report the attack right away to your local police. Some departments have special cybercrime units. But if they’re not familiar with investigating data incidents, contact your local FBI.

Confirm the vendor has a fix and follows through with it. Insist on straight answers from your vendor and an effective plan of action to correct vulnerabilities. If you choose to continue as a customer, ask for specifics on what they’re doing to keep your data safe going forward.

Notify customers. If customer or employee information was compromised, notify the affected parties, who may be at risk for identity theft. Read Data Breach Response: A Guide for Business for more advice and refer concerned people to www.identitytheft.gov.

The FTC has a factsheet about vendor security. Make it required reading for any employee who interacts with vendors. 

By: Andrew Smith, Director, FTC Bureau of Consumer Protection

View all posts

Members' Voice Testimonials

This credit union is the best, I love the customer service and you can't beat the interest rates. I'm happy to be a member of this great credit union.

- James · Locust Grove, GA

The branch manager introduced herself and was extremely helpful. She stated that if there is anything we ever need to please let her know. Very positive experience!

- Larry · Cumberland, MD

Greta was absolutely amazing - as always. She makes me and my parents feel valued and supported. We are forever grateful. [The Credit Union] has been hugely supportive over many years. And we feel known and cared for.

- Eliza · Washington, DC

Long as I have been with the credit union, I haven't had any problems. I also like the protection on my account.

- Charles · Upper Marlboro, MD

My overall experience at the credit union was exceptional. The staff was hospitable offering water, my service was timely and professional and the office was well lit and clean.

- Denise · Washington, DC

As a member for more than 40 years, i have always had great service from the USSFCU and know that they stand behind their great reputation.

- David · Silver Spring, MD

A top rate Credit Union, [I'm] privileged to be part of! Thank you for all you do for our family! USSFCU Credit Union was able to resolve our financial situation - vehicle, personal loans, customer service/recommendations, within 6 months. We belonged to another credit union for over 20 years, with results not even close to comparison. We switched ...

- Manuel · Bowie, MD

Your people and products are amazing. The recent [online banking] overhaul is phenomenal. [I've] been electronic banking since Tele action phone banking - paying bills with my push button landline decades ago. USSFCU is light years ahead of everyone else in terms of ease of use and client experience!

- Misty · Brookings, OR

I have been a member for more than 30 years. I no longer reside in the DC area but continue to bank with USSFCU because of the ease and the customer service.

- Tamra · Denver, CO

I have been a member for over 50 years, and I have always gotten good service with loans, when I had to have service at a branch, and when I needed to have money sent to me from my savings account. The personnel have always been friendly and treated me with respect.

- John · Fort Washington, MD

I especially appreciate being able to quickly speak with someone (not a robot) and that person has always been knowledgeable and helpful.

- Bernard · Richmond, VA

Excellent customer service streamlined and transparent process. The representatives are efficient, knowledgeable, and understanding of the type of loans offered by Credit Union.

- Erwin · Ellicott City, MD

The USSFCU behaves as a credit union ought to behave. The staff works with and for the members, not for a corporate board. Interest rates for a car loan, a home improvement loan, and a mortgage are low and terms are transparent.

- Ruth · Takoma Park, MD

Staff are courteous and friendly to work with. Very knowledgeable about services and products offered or available. Excellent follow-up with customers.

- Jacquelyn · Sanford, FL

I have appreciated USSFCU services for many years since I left my work on Capitol Hill. I have appreciated the occasional webinars on purchasing a home or retirement planning.

- Jamie · Washington, DC

I have been a member since 2006, and have always appreciated the customer service response to any concern or query. In addition, as I have traveled extensively, USSFCU has provided support and access.

- Kathleen · Ukiah, CA

I've had a credit union account for decades, even though I no longer work on Capitol Hill. I now have two accounts. I've been able to do all of our banking remotely, by app or by phone.

- Richard · Washington, DC

I have been a USSFCU member for almost 20 years. There is nowhere else I want my money to be. I always receive excellent service.

- Nicole · Alexandria, VA

I deeply appreciate the stellar service, the proficiency, the professionalism, and the kindness. I am truly honored and grateful to bank with a financial institution that treats customers like family.

- Angela · Alexandria, VA

Read More testimonials.