Sorry for the (newly) overused pun. But did you know that the recent Target data breach was initiated through an attack on a vendor?
Does your organization outsource? Do you share your customer information (including non-public information) and intellectual property with vendors? Are any of them critical to your business? Do you know whether their security is compliant with your (and industry) standards? How much do you rely on their SSAE 16 reports? Do you have a process for vendor due diligence?
And if you are a (small to medium-sized) financial institution or services company, you should read (and follow) the Office of the Comptroller of the Currency’s (OCC) Bulletin 2013-29. The Comptroller of the Currency, Thomas Curry, has warned that “third party security risks are creating increasing vulnerabilities for community banks”.
Please contact us if you are interested in creating and implementing a robust vendor risk management program.