When a company experiences a data breach it can be very costly to clean up, and even if the data breach is caused by a contractor it is still the company’s responsibility to clean up the mess. We’ve seen this play out over and over with third party contractor caused data breaches at high profile companies like Target, Wendy’s, and Acer. No matter what kind of work you are farming out to a third party vendor, it’s important to make sure you are dealing with someone who has the necessary training to keep your company’s and customer’s’ data safe and secure.
In 2016 the average cost of cleaning up a data breach was $4 million, which is nearly a 30% increase from just 3 years prior. It can cost more or less depending on the industry in which the breach occurs. Medical and financial records, for example, are much more costly to clean up once they have been compromised. Over 60% of data breaches are traced back to a third party vendor, so it’s imperative that you only do business with trusted vendors.
In order to mitigate risk, your company should:
Earlier this month, value investor Mohnish Pabrai took part in a Q&A session with William & Mary College students. Q3 2021 hedge fund letters, conferences and more Throughout the discussion, the hedge fund manager covered a range of topics, talking about his thoughts on valuation models, the key lessons every investor should know, and how Read More
Utilize security tools to prevent cyber threats
Only work with certified vendors
Make a plan to restrict what information vendors can access
Data breaches can cause lost revenue from cleaning up the mess, but they can also cause disruption of business and loss of future business. Once your company’s reputation is harmed by a data breach it’s not easy to earn back the trust of your customers.
Choosing third party vendors who are certified in protecting data and preventing breaches can go a long way toward protecting your business’s reputation. Some of the certifications you can look for include:
AICPA SOC, which establishes protocols for handling financial data
HITRUST, which establishes protocols for handling sensitive health information
NIST, which establishes scientific and technological standards
ISO 9001, which establishes international standards
Anyone who has access to healthcare information has to comply with HIPAA, even the people who are sending appointment reminder mailers to patients. It’s important to use a third party vendor who is certified HIPAA compliant, because this is one of the most expensive data breach areas.
Learn more about preventing data breaches from this infographic. Even if you are compliant with all laws and regulations your third party vendors may not be, and the onus is on you to confirm their status. Your company’s reputation is at stake!