Third-party risk is on the rise. TransUnion South Africa is one recent example, falling victim to a criminal hacking group and potentially exposing the personal details of millions of South Africans. Third-party risk needs to top your compliance watchlist. Any business that operates online (so every business, really) needs to be aware of third-party risk and act accordingly.
Too often, just one small mistake can lead to difficult consequences. Compromised client login details, or one employee forgetting to exercise caution with sensitive information, can be an easy way in for criminals. The risk of phishing attacks has increased exponentially in South Africa, leading to more data breach incidents. While TransUnion is just one local example, cyber-attacks are a global problem, as data has become among the most valuable of commodities.
Risk goes global
A survey of UK- and US-based compliance and IT risk management professionals working in the technology sector confirms that third-party risk is a global concern. Hyperproof’s 2022 IT Compliance Benchmark Report shows a staggering 90% of respondents had dealt with a third-party issue in the last year.
Greater awareness of third-party risk
Half of survey respondents are increasing their third-party risk management budget and enhancing their third-party risk management programs. With so many of us working primarily online, there are many opportunities for a breach if the correct compliance controls are not in place. For example, security measures or data clearance levels must be prioritised.
Some 63% of respondents suffered a cyber breach in the last 24 months that either disclosed regulated data or revealed personal details of clients. TransUnion SA can unfortunately relate to this difficult scenario, proving that any company can be at risk if proper precautions aren’t taken. An integrated approach to IT risk management resulted in fewer cybersecurity concerns, according to the Hyperproof survey, and can be a good step forward for any business to consider.
A cyber strategy should be central to your business
This strategy should comprise safe practice guidelines within your business. It should become an essential component of your defense plan against third-party and other IT-related risks. It should be embedded within company culture to always protect the business. Protecting a business no longer only involves physical safety measures, a good business plan and sound employees. A robust cyber strategy is an essential tool.
Following the TransUnion data breach, warnings have been issued against sharing PINs or passwords. This should always apply, along with habits such as storing passwords safely and not saying them out loud near your computer. Update passwords regularly; be aware and act with caution as you scroll through your emails or messages on any device you might use. Don’t just click on anything without truly vetting it first. This principle should apply on personal and work devices. These can become interchangeable, which can increase risk.
Any business can be impacted by third-party risk
Big businesses with many clients or those in lucrative fields might seem like more obvious targets. They can be, but it’s often through an individual or a smaller business that bigger cyber issues can rapidly unfold. A cyber resilience strategy is appropriate for a business of any size and should be an ongoing item on your compliance watchlist. Tales of cybercrime prove why vigilance is always key.
Article by Richard Rattue, Managing Director of Compli-Serve SA