
4 Industries That Should Be On Your 3rd Party Risk Management Radar

Melissa Stevens | July 30, 2015

Your organization probably deals with a handful (or maybe hundreds) of vendors. Whatever the number, a comprehensive third-party risk management program is the best way to protect yourself against attacks that come in through those relationships.

But with as many vendors as most organizations work with, how do you decide which companies to monitor? You cannot watch all of them with the same intensity, so which are the most important?

The full answer is case-by-case (it varies greatly by company and by industry), but a few industries belong on your list no matter what. To give you a leg up on your quest for better vendor risk management, below are the four most important industries to have on your radar.

The 4 Industries That Should Be On Your Third-Party Risk Management Radar

1. Finance

Every organization needs a bank. And banks have a great deal of information about their customers. So it comes as no surprise that you should be continuously monitoring the security of your financial institutions to be sure that your information (and your money) remain secure.

Historically, the finance industry has been one of the top-performing industries in cybersecurity, but that doesn't mean banks haven't had incidents. For example, the 2014 attack on J.P. Morgan Chase affected 76 million households. That intrusion went unnoticed for about two months, because the attackers accessed the systems repeatedly for short periods rather than in one obvious event. If a financial institution that size has trouble detecting an intrusion, it raises the question of whether smaller banks and credit unions have the monitoring in place to detect and stop a breach before data leaves. So, even though finance has been a top performer in the past, it is still vitally important for every organization to keep an eye on this industry.

2. Legal

Virtually every organization will use a law firm or lawyer for something. Whether it's patenting your latest product design or providing counsel, having a law firm at your side is vital if you're going to grow a company successfully. But by the nature of their work, lawyers hold a great deal of privileged material: contracts, documents from ongoing litigation, and other sensitive information that simply cannot go public.

One reason legal counsel belongs on your third-party risk management radar is that, unlike banks, law firms are not closely regulated on cybersecurity. That gives them free rein over how seriously they take security and what precautions they take to protect your sensitive data, so you have to assess it yourself.

3. Technology Cloud Providers

With the advent of cloud technology, more company data from software systems is being stored online. While this is an important technological advancement—one that makes the usability of business software far better—it opens the door for data security issues.

Consider a customer relationship management (CRM) system, for example. A CRM houses an organization's entire sales pipeline and forecast. If the third-party software provider is breached, your organization's sales information (and that of the provider's other customers, possibly including your competitors) could fall into the wrong hands. Or think about human resources (HR) software hosted in the cloud. If the data stored by that provider is breached, sensitive information about your employees, including Social Security numbers, payroll, benefits, and insurance details, could be spread freely online. (This is similar to what happened in the Office of Personnel Management (OPM) breach, where attackers obtained HR records on U.S. government employees.)

So, monitoring cloud vendors to be sure they have adequate security controls in place is vital. If you don't, and one of those third parties is hit with an attack or a leak, a great deal of sensitive information about your business processes (or your employees' personal information) could get out.

4. Business Services

Because business services is an all-encompassing designation for many smaller industries, we've broken it down into two subgroups that are vitally important to monitor.

Accounting Firms

While most large (and some small and midsized) businesses have a finance team on hand for day-to-day work, many outsource large-scale projects, like their taxes, to experienced accounting firms. Understandably, an accounting firm must keep any and all tax records secure from attackers. According to an interview with three tax experts published in the Journal of Accountancy, a "storm is coming" in the area of cybersecurity. All three experts agreed that sharing sensitive information through the cloud raises security concerns for the accounting profession.

Payment Processors

If you do any e-commerce at all, payment processors (from large acquirers to online payment systems) are a good addition to your third-party risk management watch list. Historically, some of the largest payment processors have had serious security incidents. Look at Heartland Payment Systems, which disclosed in 2009 that attackers had gained access to its systems in one of the largest breaches of all time, with over 100 million credit and debit card numbers stolen. (In fact, Heartland was recently involved in yet another security incident.) So it's clear that keeping a watchful eye on your payment processor and its cyber health is worth it.

Something To Think About

It’s fairly obvious why we chose the four industries we did. Nearly every organization deals with vendors in the finance, legal, technology, and business services industries.

But if one of these industries gets hit with an attack and your information is compromised, you won't suffer from only one angle. Why? Because chances are that several of your other vendors and partners, or other companies in your industry, use the same bank, CRM system, or payment processor. So the information those third parties hold may be compromised as well, putting even more of your data at risk.
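The shared-provider point above, as an added example that is not part of the original post: given a constructed vendor inventory (hypothetical names, not real organizations) recording what data you share with each vendor and which providers that vendor depends on in turn, compute for every provider, including fourth parties you have no direct contract with, the set of your vendors and data categories a compromise of that provider would touch. It goes beyond the text by following dependency chains of any length, not just one hop.

```python
from collections import defaultdict, deque

# Constructed sample inventory (hypothetical names, not real organizations).
# Each first-party vendor lists the data categories you share with it and the
# providers it depends on in turn. Providers that appear only as dependencies
# (cloud-x, cloud-y) are fourth parties you have no direct contract with.
VENDORS = {
    "bank-a":       {"data": {"financial"},        "depends_on": set()},
    "law-firm-b":   {"data": {"legal", "ip"},      "depends_on": {"cloud-x"}},
    "crm-c":        {"data": {"sales"},            "depends_on": {"cloud-x"}},
    "hr-d":         {"data": {"pii", "payroll"},   "depends_on": {"cloud-x", "payproc-e"}},
    "payproc-e":    {"data": {"card"},             "depends_on": {"bank-a"}},
    "accountant-f": {"data": {"financial", "tax"}, "depends_on": {"cloud-y"}},
}


def reverse_edges(inventory):
    """Map each provider to the vendors that list it as a direct dependency."""
    reverse = defaultdict(set)
    for vendor, record in inventory.items():
        for dep in record["depends_on"]:
            reverse[dep].add(vendor)
    return reverse


def dependents_of(inventory, provider):
    """First-party vendors that reach `provider` directly or through any chain
    of sub-vendors (breadth-first over the reversed graph; cycles are safe).
    A provider that is itself one of your vendors is included in its own set."""
    reverse = reverse_edges(inventory)
    exposed = {provider} if provider in inventory else set()
    queue = deque([provider])
    while queue:
        node = queue.popleft()
        for vendor in reverse.get(node, ()):
            if vendor not in exposed:
                exposed.add(vendor)
                queue.append(vendor)
    return exposed


def blast_radius(inventory, provider):
    """Which of your vendors, and which data categories, a compromise of
    `provider` could expose."""
    vendors = dependents_of(inventory, provider)
    data = set()
    for vendor in vendors:
        data |= inventory[vendor]["data"]
    return {"provider": provider,
            "vendors": sorted(vendors),
            "data": sorted(data)}


def rank_providers(inventory):
    """Every node in the graph (vendors and fourth parties), ranked by how many
    of your vendors and data categories a single compromise would touch."""
    nodes = set(inventory)
    for record in inventory.values():
        nodes |= record["depends_on"]
    rows = []
    for node in nodes:
        r = blast_radius(inventory, node)
        rows.append((node, len(r["vendors"]), len(r["data"])))
    # Most vendors exposed first, then most data categories, then by name.
    rows.sort(key=lambda row: (-row[1], -row[2], row[0]))
    return rows


if __name__ == "__main__":
    for provider, n_vendors, n_data in rank_providers(VENDORS):
        print(f"{provider:<14} vendors exposed: {n_vendors}  data categories: {n_data}")
```

With this inventory, the fourth-party cloud provider (cloud-x) and the bank come out on top even though the cloud provider never appears on your own vendor list; the bank's score comes from the chain hr-d -> payproc-e -> bank-a, which a one-hop review would miss. The scoring is deliberately simple (counts, not weights); a real program would weight data categories by sensitivity.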

Proper third-party risk management gives you a more complete defense. With continuous monitoring of the vendors that matter most, you will be far better prepared and significantly less exposed.
