Companies and vendors must coordinate to combat cybercrime

June 15, 2022
Service providers must have reliable measures to prevent breaches and address an organization’s security needs

To meet customer needs around-the-clock and around the world, organizations competing at the speed of modern business must be wise about partnering with third-party vendors. While speed is essential in keeping up with competitors, making haste when selecting vendors and overlooking security vulnerabilities puts companies at risk of cyberattacks that can ruin operations and reputations alike.

Businesses must perform due diligence when seeking outside services, making sure those vendors operate securely and extend the same vital protection to the companies they serve.

Cybercrime Keeps Coming

Cyberattacks are the modern equivalent of cat burglars of the past. The big difference is that digital criminals function across borders and average a heist every minute of every day. Even nation-states involve themselves in attacks, so companies and their vendors must be hyper-vigilant to protect their own data and the customer information they gather. Prudence is compulsory, with an average attack costing $3 million and taking nearly a year to discover and remedy.

Companies and their vendors must view cybersecurity as a combined effort because the breach of a vendor’s platform can have the same debilitating impact as the company getting attacked directly. So, when businesses begin searching for outside services, their review must be thorough enough to eliminate questionable or unsecured vendors from consideration and select only the services that demonstrate dedication to securely gathering, storing, reporting, and retrieving information.

A majority of consumers are concerned about having their personal information stolen, and nearly half question companies’ ability to handle their data ethically. Thirteen percent of workers don’t even trust their employers to properly safeguard their data. With consumers on high alert, there’s simply no wiggle room for an organization to be complacent with data security.

Companies must take deliberate steps to protect themselves and receive the same commitment from their vendors.

Gather Viewpoints

When exploring partnerships with third-party vendors, first inform every segment of the company that prospective vendor reviews are underway and keep them aware of the vetting as it progresses.

Departments that will be directly affected by the vendor’s normal operations should have a seat at the table and a voice in the selection. For example, when a company is looking for a machine translation solution, the groups typically asked to weigh in on security needs and responsibilities include information technology, customer experience, sales and marketing. Because their day-to-day work involves handling customers' personally identifiable information, their involvement is non-negotiable.

Establishing and consistently maintaining intentional communication like this, both in advance of a review and during it, will help bring to the forefront areas of interest or concern that the new vendor should address. Covering all the bases and setting expectations before any deals are signed will also help make the selection decision clear-cut. It often weeds out providers who can’t attain the level of service and security the entire organization requires.

It’s best to have these clear expectations determined well before signing any deals. If an area of the organization is in the dark during the selection process, it can manifest afterward as an unforeseen gap in security that could have been avoided.

Seek Certification and Compliance

At the same time that departments are weighing in on vendor needs and expectations, the selection group must be communicating similar information to prospective service providers. Review their qualifications and operational procedures as well as their functionality and compliance standards, and obtain up-to-date certifications that reflect their dedication to maintaining security and regulatory standards.

When considering third-party vendors, a company’s process should resemble the efforts that go into reviewing job candidates. Do these service providers place high importance on standards, conduct, and ethics, communicate transparently, and take responsibility for their decisions and actions? Ultimately, third-party vendors will be representing the company that hires them for service, so organizations should expect the vendor to meet their standards.

Importantly, be receptive to viable vendors making similar inquiries about the company. Reliable third-party service providers want to know they’re working with dependable organizations too. They should have their own set of minimum standards to look for in the businesses they serve. If a company seeking third-party vendors has significant security gaps in its existing operations, a service provider should be asking pointed questions to assess just what they’re getting into.

Clear Communications

Communication is paramount when a third-party vendor is under consideration, both throughout its selection and when an agreement is reached. The company should clearly communicate expectations just as the vendor should lay out an unambiguous set of deliverables. Successful companies demonstrate active and transparent two-way communication among departments, and employees should expect and maintain similar engaged connections with vendors.

The sooner this level of service is gained, and assessed, the sooner an organization will recognize which prospective service providers are comfortable making this commitment and which will fall short. In other words, the choice of which vendor to align with becomes clearer.

Security Never Rests

Once a third-party provider begins service, security assessments must be woven into regular management oversight. Even if set-it-and-forget-it tooling is involved, it’s crucial that data security is operating at or above agreed-upon standards and that benchmarks are in place to help make assessments and report on performance.

Organizations and their vendors should have a regular schedule for security reviews. Third-party providers should also be receptive to drills or mock scenarios that improve companies’ security postures and help identify weaknesses to resolve.

Combined and Coordinated

Striving to improve is at the heart of every great organization, big or small. This overwhelming desire to get better may lead organizations to hold on to information to refine their customer data or enhance customer service over time.

In the world of machine translation, such actions are inherently risky and must be avoided.

Keeping customer data in a database or log files with the goal of using it to improve translation quality subjects that data to risk of breach. This is why the safest machine translation solutions refuse to hold onto customer data and have in place mechanisms to improve translation quality over time without depending on consumer PII. This straightforward example demonstrates how a reliable third-party vendor provides critical service and guides a company to reduce security vulnerabilities. It also shows the benefit of working with vendors that emphasize protecting clients’ PII, financial data, and other sensitive information.

Service providers must have reliable measures in place to resist and prevent breaches and address an organization’s security needs.

Cybercriminals tinker with their own apparatus and try new methods to get around the latest defenses. In turn, organizations must engage in regular, frank evaluations of their in-house security practices and of their work with vendors. At the highest level of engagement, the organization’s entire data operations will work in synergy with all outside vendor services, seamlessly and securely.

About the Author

Heather Shoemaker is the chief executive officer and founder of Language I/O, an AI-enabled translation platform providing multilingual customer support over email, article and chat translation in more than 150 languages. Shoemaker is the mastermind behind Language I/O’s core technology, which eliminates expensive, time-consuming neural machine translation training by dynamically selecting the NMT engine that best translates content while imposing company-specific terminology onto any engine integrated into the cloud solution.