Make sure those vendors are securing their own computers and networks. For example, what if your accountant, who has all your financial data, loses his laptop? Or a vendor whose network is connected to yours gets hacked? The result: your business data and your customers’ personal information may end up in the wrong hands — putting your business and your customers at risk.

• Put it in writing
  Include provisions for security in your vendor contracts, like a plan to evaluate and update security controls, since threats change. Make the security provisions that are critical to your company non-negotiable.
• Verify compliance
  Establish processes so you can confirm that vendors follow your rules. Don’t just take their word for it.
• Make changes as needed
  Cybersecurity threats change rapidly. Make sure your vendors keep their security up to date

See next post for What To Do…

https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/vendor-security