Campaigns and organizations almost always have business relationships with outside vendors or service providers. These can range from small one or two person shops that help with media, ads, or websites, to larger firms that might handle payment processing or voter data.
When you contract or engage an outside firm- or third party- your risk increases, because any risks they may have could extend to your organization. For example, if they have weak account protections and they're hacked, you could receive a phishing email that looks like it comes from your vendor- and since it looks legitimate, you click on a link. In other cases, your data may reside in their systems, so, if they are hacked and data lost, or their systems become usable due to ransomware, the harm may extend to you.
You should be asking your vendors how they handle cybersecurity for their firm.
You want to know that they are taking some measures to protect their enterprise as well as you as a customer. Also, ask how they have prepared for a potential cyber incident.
If a vendor, such as an email or social media consultant, has access to your domain (maybe even an email address from the campaign or organization), extend to them your core protections- security keys, password manager, and use of encrypted communications.
DDC partners with SecurityScorecard, a company that helps campaigns and organizations evaluate their own risk as well as third parties.
Learn more: What is SecurityScorecard? , Who should be protected?
Comments
0 comments
Please sign in to leave a comment.