Business owners and CEOs of midsize and small companies began to pay attention to the threat of cybersecurity after the infamous Target data breach. While the headline talked about Target being hacked, astute observers recognized the hacking did not go directly through Target – it went through a third party vendor. That vendor was an HVAC company. Target had strong security, but apparently not all of its third party vendors did, which allowed hackers to tunnel into Target’s corporate computers using access available to third parties who had lower security.
As a business owner or CEO, you can ensure your team addresses each of the important areas to avoid a catastrophic loss of your company through a cybersecurity attack leveled at you or one of the third party companies you are partners with. Increasingly, large companies are requesting, as part of the request for bid process, documentation about how your company is avoiding cybersecurity problems through reliable IT measures.
In a large organization, IT directors and CIOs generally do not have current knowledge to comply with the technological and legal requirements of doing business with large companies like Target. Usually, they hire outside help. This help typically comes in the form of a high level IT consultant, not an attorney nor an outsourced IT company. The issues are too complex for attorneys and the strategy development is too complex for most outsourced IT companies. This has created a niche of high-level consultants who create IT strategies for companies to comply with federal regulations that govern clients of the company. Companies that can demonstrate legal compliance and solid defenses against cyber threats stand a better chance in the request for proposal process.