Should You Demand Proof of Cybersecurity From Vendors? - Free Enterprise
Free Enterprise - The FindLaw Small Business Law Blog

A growing number of corporations are asking their law firms to fill out lengthy questionnaires to show proof of cybersecurity measures. Should your small business follow suit?

Major corporate clients are demanding that their law firms ramp up their security and then prove that they did so, The New York Times reports.

This is a cybersecurity tactic small business owners might want to adopt -- particularly with vendors.

Why This May Be a Good Idea

Lest we forget, the massive Target data breach resulted from a compromised vendor. The Target hackers breached the chain's security systems by first using electronic credentials stolen from a vendor.

For business owners, the lesson is that vendor cybersecurity is critical to the security of your own business. Unless you can trust your vendor's security measures, your business can be vulnerable to cyber threats. That, in turn, can expose you and your business to legal liability.

Requiring a vendor to show proof of cybersecurity is one way to try to hold the vendor accountable, as well as to ensure reliability and consistency in your overall online security efforts.

A Cybersecurity Checklist

When asking vendors for proof of cybersecurity measures, there are certain risky practices to immediately address, including:

  • Distribution. Make sure a vendor is not putting sensitive files on portable thumb drives or emailing sensitive documents to nonsecure iPads. Find out if the vendor uses secure email and how much of the information it sends is unencrypted.
  • Networks. Find out whether your vendor works on computers linked to a shared network in countries like China and Russia where hacking is prevalent.
  • Access. Get an idea of how many people have access to sensitive information. The more hands that have access to the data, the greater the security risk -- and therefore, the stronger the security measures needed.

Asking for proof of vendor cybersecurity should be one part of a larger plan to create a robust security system that extends to vendors and other interconnected business relations. Your customers, your peace of mind, and your wallet will thank you for it.
