Security Awareness for Vendors and Contractors

Introduction

Security awareness is of utmost importance in today’s business world. Your current organization most likely has a security awareness program and practically everyone else’s does as well.

What you may not realize is that security awareness is also essential for vendors and contractors that work with your organization. This article will detail the importance of security awareness for vendors and contractors and will give some insight into various considerations regarding your organization’s security awareness and which apply to your vendors and contractors.

Why You Should Care

Working with vendors and contractors is something that nearly every organization has to do in one form or another. You may be asking: why would security awareness for my vendors and contractors impact me? Simply put, you may be liable for their actions and this liability can cost your company big.

Third parties, including vendors and contractors, were responsible for sixty percent of data breaches in 2015 and these breaches potentially affected more than 41 million individuals. These breaches are caused by the actions of the vendor or contractor’s employees and can be correlated with a lack of an efficient security awareness program. Additionally, a report conducted in 2014 found that:

  • 59% of employees store sensitive organization data in the cloud
  • 58% store sensitive organization data on their mobile device
  • 35% have clicked on an unknown email attachment sent by an unknown individual
  • 33% use the same password for both work and personal purposes

This is just the tip of the iceberg for these statistics and in the end, these figures all boil down to one thing: security awareness is needed for vendors and contractors.

Considerations

Before you begin working with any subsequent vendors or contractors, take the following points into consideration when judging the vendor or contractor’s security awareness fitness.

1. Do (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/k-GgjNyUAc0/