We all have to trust our business partners to take security seriously, but how can we be sure they live up to our expectations? We might not have the leverage that some big companies do, but we do have some tools available to help us. In the next few posts I will discuss some tips to help address security issues with your vendors and other business partners.
First, the easy ones- ask them for copies of their privacy and security policies. Next, ask for direct security and compliance contacts (not just their regular support information). While it is important to have this information, it is also important to make them realize that you are concerned and checking up on them. We all tend to behave better when we know we are being watched.
Look over the information you receive, and note the things you don't receive. Ask questions and raise concerns. If anything is especially troubling, bring it to your employer and explain why (without hysterics) you think it is a problem.
To be continued...