Skip to main content
Find a Lawyer
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

After Target Hack, 3 Tips for Vendor Cybersecurity

By Aditi Mukherji, JD | Last updated on

Following Target's massive data breach, everyone wanted to know how it happened. We may now have an answer. It seems the Target hackers breached the chain's security systems by first using electronic credentials stolen from a vendor, The Wall Street Journal reports.

It's a cautionary tale for small business owners: Create a robust security system that extends to vendors and other interconnected business relations, or else your business could be vulnerable to a similar attack.

Here are three tips for vendor cybersecurity:

  1. Make vendor security a priority. For many companies, it's almost impossible to run a supply chain smoothly without divulging sensitive data with vendors and channel partners. But a cyberattack on a vendor that compromises your business' sensitive data may expose your company to liability. The bottom line: Your business may still be liable if a vendor is hacked. To limit your liability, assess and remedy vendor security concerns.
  2. Perform cyberattack drills with your vendors. A number of employers send fake "phishing" emails to test their employees' cybersecurity habits. These simulated tests may be effective because they are more memorable than training sessions, show how attacks work in real life, and encourage all parties to be more careful. It's not a bad idea to extend such teaching methods to vendors, too. For example, a 2012 Harvard Business Review blog post suggests incorporating vendors into internal "war games" to test your cybersecurity. It's a more interactive way to test both your vendor's -- and your company's -- ability to respond to cyberattacks.
  3. Add cybersecurity requirements into your vendor contracts. Another potential way to address vendor cybersecurity is to state your requirements in the vendor agreement itself, either in a clause or as a separate agreement. By building cybersecurity requirements into the contract-negotiation process, you and your vendor can communicate expectations and understand vendor capabilities before you sign off on the deal.

For more personalized tips on how to address vendor security concerns for your business, you may want to consult an experienced business and commercial lawyer in your area.

Follow FindLaw for Consumers on Google+.

Related Resources:

Was this helpful?

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard