Cyber Security Risks With Third Party Vendors

Beyond the Cloud or SaaS solution's ability to meet its business objectives, small business decision-makers typically express the most concern about Cyber Security and putting their data in the Cloud, and with good reason.

It bears repeating … your company will be impacted and could be held responsible for negligence on the part of your CSP that results in the compromise or breach of your data.

• Your lack of control in the Cloud extends to the Cloud Provider’s access controls and authentication measures. If too lax, your risk of a breach increases.

• What if the SaaS provider needs access to your internal network? You will need assurances that the CSP has vetted its employees as you would yours.

• What if your provider suffers a Ransomware attack and your data is encrypted? Will the CSP resolve the issue in the same manner you would if the attack occurred on your network?

• Would you pay to decrypt your data, or would you prefer not to encourage the hackers to continue attacking, knowing you pay ransoms? Find out how your SaaS candidates handle such situations.

• If the provider suffers a breach, who does it report the breach to? Does it only report to its clients or does it report to your customers too? If not, you will need to report the breach to your customers.

You want to know the SaaS provider’s Cyber Security posture and its policy concerning breach notifications. If they don't  satisfy you, eliminate that candidate.

To set up a Reference Interview on the questions you have about investing in new technology for your business, contact me at 302-537-4198, ericm@edminfopro.com or on our Contact form.