All businesses in the United States, whether small businesses or large corporations, depend on third-party vendors at some point for some sort of good or service. Whether you need to outsource your billing, accounting, advertising mailers, printers, or even critical office systems like HVAC, at some point you are going to be doing business with another company. Unfortunately, there’s a good chance that the other company could cause your company to have a data breach - 63% of all data breaches are caused by third-party vendors. Even worse, even if you are not responsible for causing your company’s data breach, you will be responsible for cleaning it up, an expense that could cost you your business.

Choosing third-party vendors who are not only trustworthy but also certified to handle the data you are entrusting to them is crucial to protecting your business from unnecessary monetary and reputational expense. It’s one thing to say you are compliant with a given set of regulations - anyone can say that - but it is quite another thing to actually be certified in compliance with those regulations. Think of the healthcare industry as one example. Healthcare records are some of the most costly to clean up, at around $355 per breached record. If you run a small medical practice and outsource your patient reminder card mailers to a company that says it is HIPAA compliant but doesn’t hold a certification in HIPAA compliance, that could be the beginning of the data breach that puts your medical office out of business.

There are as many different certifications as there are industries, so no matter which industry you are in, you will be able to find compliant vendors who will help protect what you have built rather than leaving you to clean up their messes. Data breaches can be extremely costly to clean up no matter which industry you are in - last year the average cost for data breach cleanup ran $4 million. Working only with certified third-party vendors closes the largest gap in your company’s information security needs, but that’s not the only step you should take.

Do a security audit to ensure that employees only have access to what they need and nothing more. Ensure that employees use adequately secure passwords, change them frequently, and never share or reuse them. Update all software, including antivirus software, whenever necessary to patch any security issues that may have been discovered. Make sure that all data is stored properly according to its level of sensitivity and that anyone handling it is trained to do so.