63 percent of all data breaches can be linked either directly or indirectly to third-party access, according to a recent survey.1
Hackers are increasingly targeting weak links in a business’s supply chain in order to tunnel their way into systems and networks, potentially gaining access to sensitive data that can cripple organizations of all sizes.
While 94 percent of business decision makers say they are moderately to extremely concerned about the impact cyber risk has on their firm,2 more focus needs to be placed on the evolving threat of third-party breaches. Here’s how you can protect yourself.
Managing Risk
- Take an inventory of your third-party vendors. The first step in a third-party security assessment is documenting all vendors that your business partners with. While this can be a complex task for large organizations, it’s difficult to put a security plan in place without knowing all the players with network access.3
- Know your vendor. Ensure vendors have security policies and disaster recovery plans in place and update them regularly. Confirm they routinely perform data back-ups and have redundant back-up servers to avoid service interruptions in the event of a failure. Finally, check to see if they perform comprehensive background checks on employees with access to your data.4
- Grant vendors the access they need and nothing more. Many vendors are given broad VPN permissions when they only need access to a limited number of servers. Grant only the access they need to perform their specific tasks.5
- Perform regular auditing. Regular security audits are imperative to staying on top of your vendors’ activity. Monitoring all movement on your network lets you identify vulnerabilities and weaknesses in a timely fashion.6
Role of Insurance
Even with a strong third-party security plan in place, your business can still be a victim of a costly data breach. Consider purchasing cyber liability coverage to protect your business. For more information, contact an agent from The Hartford, or visit our CyberChoice First Response product page. For technology-focused businesses, please visit the FailSafe technology E&O site.
As a policyholder of The Hartford, your organization has access to cybersecurity services and resources, including The Hartford’s Cyber Breach Helpline and CyberChoice First Responders, as well as employee training and education to help reduce your organization’s risk while ensuring delivery of its critical services. Visit The Hartford Cyber Center to learn more.
1 https://www.sagedatasecurity.com/blog/why-managing-third-party-cybersecurity-risk-matters
2 2019 Decision Maker 1H Pulse Survey
3 https://www.complianceweek.com/third-party-risk/best-practices-in-preventing-a-third-party-data-breach/24704.article
4 https://identity.utexas.edu/id-perspectives/managing-third-party-vendor-risk
5 https://securityboulevard.com/2019/08/4-steps-to-prevent-a-third-party-data-breach
6 https://www.securelink.com/blog/can-you-afford-a-third-party-data-breach
The Hartford Financial Services Group, Inc., (NYSE: HIG) operates through its subsidiaries, including the underwriting company Hartford Fire Insurance Company, under the brand name, The Hartford,® and is headquartered in Hartford, CT. For additional details, please read The Hartford’s legal notice at https://www.thehartford.com.