• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • COVID-19 Update
  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
IT Infrastructure, Network Security

Why Work with Vendors That Don’t Exhibit Cybersecurity Awareness?

If you're truly protective of your network, it's best to avoid working with vendors that don't exhibit cybersecurity awareness and don’t demonstrate cybersecurity measures in their digital interactions.

November 7, 2018 Tom LeBlanc 2 Comments

McAfee ransomware attack

If your business lacks cybersecurity discipline and cybersecurity awareness, that’s obviously a bad thing from a security standpoint. Well, the same goes for the vendors that might do work that in some way touches your network.

Can you confidently eat at a restaurant after noticing that its bathroom is a horrendous mess? Would you take fashion advice from a salesperson who is dressed tastelessly?

I wouldn’t.

Well, if part of your job is making sure that your organization’s network is protected against cyber criminals, you should not work with a contractor that doesn’t demonstrate an appreciation for cybersecurity in its digital interactions.

9 Cybersecurity Training Videos That Aren’t Boring

If a vendor exhibits reckless digital behavior, don’t let that vendor anywhere near your network.

My guess, however, is that most vendors make a habit of demonstrating “reckless” digital behavior. In doing so, they reveal their cyber vulnerabilities during interactions with their customers and prospective customers.

That’s not good.

During a presentation at NSCA’s 2018 Pivot to Profit, Rob Simopoulos of cybersecurity provider Defendify, laid out some of these reckless digital behaviors. Many are so commonly demonstrated that it’s almost like they’re hiding in plain sight within most organizations.

Here are some cybersecurity takeaways from Defendify:

Threat of working with a cybersecurity-ignorant contractor is real

Remember the data breach at Target that affected 41 million customers?

The gateway for that cyber crime was through an HVAC contractor that worked with the retailer, Simopoulos pointed out. The hackers broke into the contractor’s network and pivoted into Target’s. In fact, 60 percent of data breaches are related to a third party, he added.

That should legitimize any concern you might have about vendors’ cybersecurity knowledge and readiness.

Your company and your customers are targets

When Simopoulos asked the Pivot to Profit crowd, mostly people running AV and security integration firms, how many have had a cyber-attack at their organizations over the past 12 months, only a smattering of hands went up. Many who didn’t raise their hands are likely wrong. Simopoulos said that 68 percent of small businesses have experienced a cyber-attack over the last year and 50 percent of these crimes target small businesses.

Related: Don’t be like Zuckerberg … data privacy tips for your company 

Cyberattacks are extremely costly

We all understand the value of physical security to protect businesses. Well, the average loss in a physical burglary is about $2,000, Simopoulos said. “In a cyber-attack it’s $117,000-plus.”

You probably don’t realize how much data you need to protect

If you aren’t concerned about your contractors’ IT security, you should be. Simopoulos polled the Pivot to Profit crowd and listed elements that companies need to protect from a data perspective. Really, he said, “it’s anything you wouldn’t be willing to put on a public-facing website,” including:

  • HR data
  • Financial data
  • Employee personal information
  • Vendor prices
  • Proprietary information (e.g. related to product development)
  • Most importantly, customer sensitive data such as IP addresses, network topology, floor plans, MAC addresses, their customer information

“There’s  a lot of important information there,” he said.

Cyber-threats come from four major sources
  • Cyber-criminals (hackers, pretty self-explanatory)
  • “Hactivists” or “hacktivism” (criminals who hack for some political motivation)
  • Cyber-soldiers (they might be attacking the U.S., they might be sponsored by some state)
  • Insider threat (sometimes it’s malicious and on purpose and other times it’s a negligent insider causing a threat)
Phishing has gotten very sophisticated

While the days of Nigerian princes hitting people up for money via email aren’t over, there are far more advanced methods of phishing today. Simopoulos pointed out that phishing emails have gotten very smart. If your employees get a notification that they’re about to receive a FedEx package, it’s pretty tempting to click for tracking information. If they get a LinkedIn invitation, it’s human nature to accept it.

“Never click on an email to accept a LinkedIn invitation,” Simopoulos said. “Go to the site or the app.”

“These criminals are often very patient. They’ll take time and research your companies and who you’re doing business with,” he added.

The reality is that there is “only one way to project yourself against” phishing, Simopoulos said. “It’s to act like very email you receive is fake. If you weren’t expecting it, you have to verify it.”

Now think about your digital interactions with vendors. How often when you send an unsolicited email do they respond by verifying that the sender is indeed you?  Probably not often. But that would be a solid sign that the vendor takes cybersecurity seriously. It might make you  feel comfortable doing business with it.

Tom LeBlanc
Tom LeBlanc

Tom has been covering B2B technology since 2010. He’s editorial director for MyTechDecisions and its sister brand Commercial Integrator. Before that, he covered the residential technology market for CE Pro and wrote for sports department of the Boston Herald.

Tagged With: Cyber Attacks, Cyber Security, Training

Related Content:

  • This Week in IT, IT News, Microsoft, Google, Dell This Week in IT: Windows 11 Update, Tech…
  • Cloud THreats, Proofpoint Third Parties and Partners are Leading to Increased…
  • Google Curated Detections Chronicle Google Releases Curated Detections in Chronicle
  • Fortinet, ransomware, zero day vulnerabilities, log4shell Ransomware, Zero-Day Vulnerabilities On the Rise

Free downloadable guide you may like:

  • Shadow ITBlueprint Series: How to Reduce Shadow IT

    The distributed work model gives employees the flexibility they demand, but it can lead to shadow IT and introduce unnecessary security risk. Research finds that this distributed work environment is leading to IT management blind spots and shadow IT.

Reader Interactions

Trackbacks

  1. Data Breach Incident Response Plan: 6 Essential Steps - My TechDecisions says:
    December 20, 2018 at 12:00 pm

    […] that the average loss in a physical burglary is about $2,000, but in a cyber-attack it’s more like $117,000. By any level of logic, you’re organization should be extremely focused on creating a data […]

    Reply
  2. Security Awareness for Vendors and Contractors says:
    February 4, 2019 at 9:50 am

    […] Why Work with Vendors That Don’t Exhibit Cybersecurity Awareness?, My TechDecisions […]

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Shadow IT
Blueprint Series: How to Reduce Shadow IT

The distributed work model gives employees the flexibility they demand, but it can lead to shadow IT and introduce unnecessary security risk. Resea...

Hybrid Work webinar
Featured Webcast: Collaboration 2.0 — Where Are We Now?

In this webinar, subject matter experts discuss the transformation of the workplace, the rise of hybrid workers, the importance of open connectivit...

guide to end user training cover
Pro Tips for Conducting End User Training

Effective trainings are the glue that can make the difference following a new technology implementation that your team has spent so much time, effo...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2022 Emerald X, LLC. All rights reserved.