Care should be given to cybersecurity issues when procuring products and services from suppliers, particularly when company data will extend beyond the perimeter of the company network. Hackers are constantly searching for or developing innovative ways to acquire information from companies. In recent years, hackers have discovered that it can be easier to find vulnerabilities in suppliers to companies with valuable data than to attack companies directly that may have a more robust intrusion prevention system and more resources to investigate security incidents. Accordingly, Kirkpatrick Law has provided guidance on five cybersecurity issues when negotiating agreements with vendors. 

Cybersecurity issues with vendors include:

1. Vendor’s Information Security Program
2. Security Standards
3. Data Breach Insurance
4. Security Audits
5. Information Security Warranty

Understanding how to effectively address these issues with a company’s vendors can be helpful in improving the security of the company itself. Although data, whether intellectual property, trade secrets, proprietary information, or sensitive personal information, may be accessed outside the company’s network perimeter, the security  of the data is not necessarily out of its control.

Brian Kirkpatrick will discuss at the North Texas ISSA Cybersecurity Conference this week about how to mitigate cybersecurity risks in vendor agreements. The five issues above will be discussed in more detail. In addition to being able to identify deficiencies in these area when hiring vendors, companies can benefit by having a technology attorney experienced in cybersecurity matters to review vendor agreements and address these and other information security issues that could pose significant data and accessibility risk.