Third-Party Data Breaches: An Unavoidable Threat for All Businesses

Posted on September 18, 2019 by Steve Turner | Information Security Expert in Business, Business Resources, Data Breach & Technology, Small Business Protection

Corporate data breaches are nearly a daily occurrence, and it’s not only the largest, most visible companies that are exposed to the risk. Often, data vulnerabilities can stem from relationships that companies have with vendors, suppliers, partners, and other third parties. Small- and Medium-sized Businesses (SMBs) are especially vulnerable to data theft. They typically have fewer resources, lack a security infrastructure, or don’t think they are as exposed to the risk of breaches as larger organizations.

Whether targeted for their own data, or as a backdoor channel to a larger partner or client, cyberthieves often set their sights on SMBs for easy access. In fact, 58% of malware attack victims are SMBs, and almost two-thirds of all cyberattacks are directed at small businesses. The threat perimeter expands significantly when factoring in the number of other organizations that an SMBs valuable customer or financial data may flow through. Although 56% of data breaches were linked to third-party attacks in recent years, some 67% of companies don’t inventory their vendors or what information they are accessing, according to Ponemon Institute research.

Business Data Lives in Many Places

With the proliferation of SaaS and cloud-based data storage systems, it is very likely that critical data about your company sits in multiple locations with numerous access points. Every business partner keeps records of their interactions with your organization, and every firm with whom you send or receive electronic payments may have access to your financial data. How safe are their data practices? Do you know the data security policies of the businesses to which you make payments? Every time your company electronically files taxes or processes payroll potentially exposes your business and your employees to potential theft of Personally Identifiable Information (PII). How is this information processed and stored by the partners you work with? These are all data weaknesses every small business must consider in today’s digital world.

Cybercriminals Prey on Small Businesses

Small businesses may think they fly under the radar of cybercriminals. But 47% of all SMBs reported experiencing at least one cyberattack in the previous 12-month period, according to a Hiscox Small Business Cyber Risk Report. SMBs are often a gateway to larger enterprises, making them attractive targets. Remember that Target was breached in 2013 through its third-party supplier network when cybercriminals infiltrated a small HVAC subcontractor to get to its data.

Steps to Alleviate Business Risk

SMBs often lack the time, money, and expertise to detect and repel cyber threats. Still, to mitigate the risk of data theft, there are a number of baseline measures you can take:

  • Educate employees — Show them how to recognize potential threats and how to react to them. Reinforce this knowledge with regular updates, particularly when new cyberthreats are identified.
  • Harden your networks, especially for mobile — Threats to mobile devices may include rogue applications, spyware, and unsecured Wi-Fi connections, and even fake networks. Employee mobile devices used for work purposes are easy targets for cyberthieves, creating numerous gateways into your network.
  • Deploy enterprise data encryption tools — Encryption should not be limited to in-use data, but also to data at rest and in motion.
  • Develop a Data Breach Response Plan — An effective plan should draw guidance from knowledgeable security professionals, following best practices and prevention tips to protect against a data breach or identity theft incident. It will also have you ready to respond quickly in the event of a breach, reducing cost and business impact when you can act quickly.

Investing in Peace of Mind

Business Identity Theft and Mobile Security Protection solutions from Sontiq can proactively protect threats at both the individual employee and enterprise-level using our dark web monitoring and alerting capabilities. We also offer tools to identify threats from mobile devices and security risks from other endpoint devices, as well as remediation and restoration services if an incident results in identity theft. By staying on top of the latest cyber threats using best-of-breed technology and support services, you can mitigate the risk to your business as the result of a third-party data breach.

Partner with us

To learn more about Sontiq’s mobile cybersecurity and identity theft protection capabilities built specifically for small businesses, or to compare packages and buy now, visit Sontiq’s Small Business Suite, or contact us at smb@sontiq.com.

Sontiq Small Business Suite