You may have been giving (or know that you need to be giving), consideration to cyber risk in relation to your business. But if you work with third party suppliers have you considered what the potential impact on your business could be if they were to suffer a cyber-attack?
This is of particular importance if third party suppliers you work with process your customer data. Given the recent regulation changes as part of GDPR it is key that you understand and take responsibility for the security of your data, whether this is managed by yourselves or a third party.
Recent research commissioned by Experian saw businesses surveyed identify the 4 highest risks of working with a third-party supplier as:
• Loss of personal data
• Online fraud
• Identity theft
• Financial loss or damage
So, what can you do to minimise the risk if you do want or need to work with a third-party supplier? Some important areas you can look at include:
1. Knowing where your third-party supplier stores data – it is your date after all, so you need the facts
2. Ensuring your suppliers are GDPR compliant. For example, could they notify you of a data breach within 72 hours?
3. Auditing your third-party suppliers and their security procedures on a frequent and regular basis – this way you will have the full picture of how your supplier operates and keep you up to date on any changes they make
4. Having an agreed process in place to contact customers if you or your third-party supplier suffer a data breach. This may help minimise the reputational risk to your business
Remember, a cyber-attack can affect any business, large or small. In fact, some research suggests that SMEs may be more vulnerable to cyber-crime than larger businesses as cybercriminals may believe they have fewer resources to protect themselves. Therefore, you must consider cybercrime as a real risk to your business. Keep this at the forefront of your mind when it comes to setting up third party agreements – assuming your third party will take as diligent an approach as you is not an option!
In today’s environment, cyber insurance can be of real benefit in helping you protect your online business. At Anthony Jones, our experienced teams can help you understand the risk your own business faces and help you put measures in place to protect against an attack. Your current business insurance package may not provide cover for cyber threats so don’t make the mistake of assuming this is the case.