It's a cautionary tale for small business owners: Create a robust security system that extends to vendors and other interconnected business relations, or else your business could be vulnerable to a similar attack.
Here are three tips for vendor cybersecurity:
Make vendor security a priority. For many companies, it's almost impossible to run a supply chain smoothly without divulging sensitive data with vendors and channel partners. But a cyberattack on a vendor that compromises your business' sensitive data may expose your company to liability. The bottom line: Your business may still be liable if a vendor is hacked. To limit your liability, assess and remedy vendor security concerns.
Perform cyberattack drills with your vendors. A number of employers send fake "phishing" emails to test their employees' cybersecurity habits. These simulated tests may be effective because they are more memorable than training sessions, show how attacks work in real life, and encourage all parties to be more careful. It's not a bad idea to extend such teaching methods to vendors, too. For example, a 2012 Harvard Business Review blog post suggests incorporating vendors into internal "war games" to test your cybersecurity. It's a more interactive way to test both your vendor's -- and your company's -- ability to respond to cyberattacks.
Add cybersecurity requirements into your vendor contracts. Another potential way to address vendor cybersecurity is to state your requirements in the vendor agreement itself, either in a clause or as a separate agreement. By building cybersecurity requirements into the contract-negotiation process, you and your vendor can communicate expectations and understand vendor capabilities before you sign off on the deal.
For more personalized tips on how to address vendor security concerns for your business, you may want to consult an experienced business and commercial lawyer in your area.