3 Ways to Ensure Cybersecurity Is a Priority for the Companies You Partner With
As long as cybercriminals are willing to hack into systems, corporate leaders and their teams must find and remove their cybersecurity vulnerabilities — and that includes third-party risks.
Opinions expressed by Entrepreneur contributors are their own.
The cybersecurity business has become everyone's business. It only takes one viral data breach to destroy a company's social proof and send its clients running to rival organizations in search of safer conditions. IBM estimates that the average data breach this year costs affected businesses $4.35 million, a near 13% increase since 2020. That figure doesn't include the sometimes irreversible harm to a company's reputation.
Headline-grabbing data leaks aren't limited to credit card or identity information, however. These incidents encompass anything and everything having to do with private and personal details. If you submit a car loan application, you trust the prospective lender to be a good steward of your information. When your business does business with another company, you similarly expect the same level of security.
In the financial services world, we're held to high standards of security where even the smallest misstep must be reported to several entities. Ours certainly isn't the only industry facing tremendous expectations when it comes to prioritizing the importance of cybersecurity in business, either. It's become mission-critical across the board.
There can be a surprising upside to so much rigidity and concern, though. If you're doing a great job and implementing the strongest, most reliable cybersecurity solutions for businesses, you have the opportunity to make your protocols a differentiator. When customers see "social proof" of something, they tend to trust what they see. Yet, you can't tap into this social proof if you don't control all your cybersecurity business elements, and that includes how proactively and protectively your partners act with your shared data.
Lowering risk exposure starts from the inside
As mentioned above, we're in the financial services world. To maintain our license, we must use advanced data encryption tools and technologies. Encryption is essential during the process of buying currency online because so much personal information moves back and forth, including a high degree of money-related data like bank routing numbers.
We also must follow BSA/AML compliance guidelines to the letter, just like any financial institution. Therefore, we have a BSA compliance officer who handles all compliance coordination, monitoring and oversight. The BSA compliance officer serves as a critical player in assuring regulatory entities, board members, customers and the public that we're doing what needs to be done when it comes to lowering our risk exposure.
Opening a money service business like ours is difficult. After taking so many steps and performing intense due diligence, we're understandably careful about the partners we choose. You should be, too, as one bad apple can ruin the entire bunch.
Know exactly who you're doing business with
All companies — especially MSBs, or money service businesses — need to be vigilant and put strategies in play to reduce the chances of a breach. A lot goes into building such a comprehensive, cohesive protection plan. Running online business transactions on a private server and implementing data encryption processes are the minimum requirements to get off the ground, but that's just the start.
Beyond those necessary action items, companies of all sizes should consider leveraging the following methods to make certain that anyone with access to even a sliver of your data believes in safety as strongly as you do:
1. Vet each partner on basic compliance
Foundational elements to review thoroughly include having up-to-date security certificates, performing detailed security audits, using a VPN to fully protect browsing data and getting federal agency approval when necessary. If a potential partner is cutting compliance corners — intentionally or otherwise — you'd be better off continuing the search until all of your concerns are alleviated. Don't settle for less than the best.
It's important to treat each potential partner with the same level of due diligence, as threats and attacks can come from small startups and big corporations alike. The Verizon Business 2022 Data Breach Investigations Report found that 62% of "system intrusion" incidents originated with an organization's partner. And the Ponemon Institute reported that 54% of organizations were "not monitoring the security and privacy practices of third parties that they share sensitive or confidential information with on an ongoing basis."
That's hugely concerning. Opportunistic cybercriminals are always looking for the weakest link in the supply chain, after all.
2. Check for third-party verification
In the complicated digital reality we all live in, honesty can be at a premium. This can be especially true when verifying the real identity of a person — or the motives of a potential vendor. Enter third-party providers who use a variety of tactics to drill down to the actual, accurate identities of customers who might attempt to make a financial transaction or businesses that want to join forces. These third-party testers do the thankless work of monitoring platform security and infiltration.
My company, Xchange of America, uses a third-party verification service to authenticate customer identities by specific inputs. The customer is asked a series of four random verification questions that only the true person could answer, such as the make and model of previous vehicle(s) owned, street names where the customer previously lived and previous employer(s). Confirming these unique details keeps nefarious actors at bay and prevents sales fraud.
Different industries will perform third-party verifications differently than ours, but the importance is the same for every company. Do your partners employ thorough third-party verification tactics? Stipulate that they do.
3. Demand full transparency
What happens if you start to ask questions of your partners and run into brick walls? This may be an indication that they're not being forthright. You want partners who welcome questions because they have nothing to hide. For example, all money service businesses like ours must be registered and licensed in the states we operate in. If a potential partner is required to have certain registrations, licenses or permits and doesn't, that's a major red flag.
Be persistent when it comes to getting the compliance answers you seek. Don't be hesitant to ask pointed follow-up questions, such as how data encryption works at a partner's company. Data breaches can be thwarted if information is always encrypted, whether it's in motion or in storage.
Dropbox is an example of a company that takes data encryption (and protection) seriously. According to Dropbox's help center, files at rest are encrypted using 256-bit Advanced Encryption Standard (AES). The company also uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit between Dropbox apps and its servers, among many other layers of protection.
You deserve to know the level of data encryption of any associated organization, not just that they have "some kind of encryption." Dropbox's transparency in that regard should serve as the rule, not the exception.
As long as cybercriminals are willing to hack into systems, corporate leaders and their teams must find and remove their cybersecurity vulnerabilities. Make sure that you're not only looking at ways to improve your own cybersecurity. Insist that all companies you do business with also treat it as a pressing priority.