The more valuable data becomes, the more thieves want to steal it.
This year alone has already seen more than a dozen high-profile data breaches. Everyone from Arby’s to Verizon (VZ) to the IRS has been the victim of a breach, and with many companies still not prioritizing data safety, these attacks aren’t likely to stop.
To protect themselves, companies must vet their vendors carefully to prevent shoddy security practices from letting their data fall into the wrong hands.
How to Vet a Vendor
Data theft isn’t new. Even Thomas Edison “borrowed” the invention of the lightbulb from the work of others. As long as companies hold proprietary data and intellectual property, the threat of a breach will loom.
Use these three strategies to determine whether a prospective vendor offers the security you need to keep your information secure:
1. Ask for current references. Every vendor that works with data should be ready to provide a minimum of three references, preferably five. If no one else will vouch for a company’s security, you likely won’t be the first person to be pleased with the service.
The best vendors have long lists of happy clients eager to testify on their behalf. Don’t listen to salespeople; listen to customers who have no financial incentive to convince you to make a purchase.
Many vendors offer low prices to close deals, and then turn around and leave data unguarded. In this case, as in all others, you get what you pay for. Cheap companies will not have many happy clients, but vendors that charge a fair price and provide exemplary security will have several.
When you speak to current clients, ask what made them choose this vendor over others. Do they have any regrets about the relationship? How long did it take to see results, and did the vendor keep a tight schedule? Ask whether the client has experienced any issues with data security, and if so, find out how the vendor responded to the situation.
By posing open-ended questions and allowing client references to speak freely, you can see through the sales pitch and decide whether a vendor is all it claims to be.
2. Read online reviews. When you can’t speak to clients directly, look at what they put online for everyone to see. In addition, check out the state sites that list articles of incorporation in case the vendor changed its name or had filings against it.
Online review sites like Yelp are the modern equivalent of friendly recommendations. Most companies, even B2B ones, receive online reviews from their customers. Take them with a grain of salt — remember, the type of people who leave online reviews lean toward the cranky side — but pay close attention to security complaints.
Does the company respond to allegations of misconduct or lax processes online? If not, be wary. A company that fails to protect its own image probably doesn’t treat customer data with more care.
3. Check employee reviews. Customers aren’t the only ones talking; former employees leave reviews on Glassdoor, and their insights can shed light on problems you might not see otherwise.
If several employees review the company poorly (and not just a couple of serial complainers), it could be a sign of recurring internal issues. When morale is low, employees sometimes lash out, and no one is better positioned to misuse data than the people within the company.
Beyond Glassdoor, check out LinkedIn (LNKD) and reach out to industry connections to learn more about the inner workings of a potential vendor.
Read every review with a skeptic eye, but if you spot a trend, take it seriously. Thoroughly research vendors to determine whether they can be trusted with your data and the data of your customers.
It only takes one minor slip to declare open season on information for hackers and opportunists. Don’t add your company’s name to the list of businesses affected by data breaches. Follow these strategies to verify vendors before you sign and provide your company and clients with the security they deserve.
Ben Walker is CEO of Transcription Outsourcing, which provides user-friendly, high-quality, and cost-effective transcription services to organizations all over the United States. It specializes in the medical, legal, law enforcement, financial, and general business industries. A resident of Denver, Colorado, Ben enjoys tennis, hiking, and watching college football.
