Recently a story from across the ditch raises an interesting question, are you aware of your supplier’s cyber security policies? And secondly, should you be?
The New Zealand Commerce Commission has been left exposed to a security breach from a third party, who had laptops containing sensitive data stolen. The issue – these stolen laptops had absolutely no password protection on them, meaning that once those laptops were powered up again, commercially sensitive records were readily available.
The Commerce Commission stated that the supplier had not met expectations for storing sensitive data, and that they were now contacting other companies who stored their confidential information to seek assurances about their security. Hindsight is a wonderful thing.
Many of us assume that because we have a great security posture, and policies in place, that the organisations that we deal with also do. It turns out that it’s not always the case.
Every business these days has at least one provider who has access to some level of our data, so we encourage you to have those conversations with those businesses about their cybersecurity policies. Think about your accountants, payroll providers, third party agencies who provide services to your customers.
We’ve made sure that you are cyber secure, so why don’t you ensure that you’re protected on all fronts?
If you’d like to talk to us more about your cyber security or how you can have that conversation with your suppliers, feel free to ask one of the team.