Your biggest cyber threat might not be inside your walls by NH Business Review for Eric Anderson


What Is Third-Party Risk?

Third-party risk refers to the cybersecurity risks associated with companies you work with.

Examples of third parties:

  • Your IT or cloud provider
  • A payroll or HR service
  • A marketing firm that uses your systems
  • Any vendor with access to your data or tools

If one of them has weak security and gets hacked, the attackers may gain access to your systems and data as well.

A Real-World Example: SolarWinds

One of the most well-known cyberattacks happened through a vendor called SolarWinds.

Hackers placed malware into a software update. That update went out to thousands of companies, including big government agencies and Fortune 500 firms. The attack spread quietly, and no one knew it was happening.

These companies weren’t hacked directly—they were affected because they trusted a vendor that got compromised.

Why Vendor Risk Is So Serious

Even if your company has great security, vendors can open the door to risk. Here’s why:

  • You don’t control their systems
  • They often have access to your data
  • Access is often left on too long
  • You assume they’re secure

What Can Go Wrong?

If one of your vendors is breached, your business could face:

  • A data breach
  • System outages or shutdowns
  • Legal problems or fines
  • Loss of trust from customers
  • Serious damage to your brand and reputation

And even if it wasn’t your fault, people will still hold you responsible.

What Your Company Can Do

The good news? You can manage third-party risk without becoming a cybersecurity expert. Steps your company can take:

1. Know Who You Work With

Keep a list of all vendors, contractors, and partners who:

  • Use your systems
  • Have access to your data
  • Provide technology or cloud services

2. Sort by Risk Level

Some vendors are riskier than others. For example:

  • A cleaning service is low-risk
  • A cloud storage provider is high-risk

Start by focusing on the vendors that could cause the most damage if something went wrong.

3. Ask the Right Questions

Before hiring a vendor—or renewing a contract—ask:

  • Do you have cybersecurity policies?
  • How do you train your employees?
  • Have you had a breach before?
  • How would you alert us if something went wrong?

4. Limit Their Access

Only give vendors the access they need—and no more. Remove access when:

  • A project ends
  • An employee leaves
  • Access is no longer required

5. Add Security Language to Contracts

Make sure your contracts with vendors include:

  • A requirement to notify you if they get hacked
  • Minimum security standards
  • Rules about how they handle your data

6. Review Regularly

Cybersecurity isn’t one-and-done. Check in on vendors at least once a year:

  • Who still has access?
  • Are they following security best practices?
  • Has anything changed?

Everyone Plays a Role

You don’t have to work in IT to help keep your company safe. If you work with vendors, manage contracts, or bring on new partners, you have a part in reducing risk. Ask smart questions. Share your concerns. Remember, cybersecurity is a priority for the entire business, not just IT.

A company’s security is only as strong as the people and businesses it works with!

You can’t control everything your vendors do—but you can make sure you ask the right questions, set the right rules, and stay involved.

Because at the end of the day, keeping your business safe is everyone’s job.

Eric Anderson is a New Hampshire-based technology executive who translates real business challenges—like compliance, risk, and operational inefficiency—into practical, scalable technology solutions for small to mid-sized businesses. 
