Several universities recently became victims of a data breach as a result of vulnerabilities within file transfer software linked to an IT security company. It raises the question of whether universities can be impacted by a security breach originating from an IT vendor, and the answer appears to be a resounding “yes.”

The consequences of such a breach can be devastating. This most recent breach caused sensitive information from the affected universities to be available on the dark web, leaving staff, students, and faculty vulnerable to fraud and identity theft. 

How Do You Guard Against Third-Party Risk?

We talked about the implications of third-party vendors on PCI compliance and risk in our two-part series. There are steps that you can take to ensure that you’re operating within PCI compliance guidelines and minimizing the risk associated with your vendors. Here are some guidelines for avoiding breaches and other security issues via third-party vendors.

Properly Analyze & Evaluate Vendors

One vendor misstep is all it takes to compromise your network. Start by evaluating your vendors and analyzing what data they have access to. Be sure they are using secure access methods, and tighten endpoints to reduce your security risks. Your vendors’ security and compliance protocols should be aligned with yours. Evaluate each vendor to see whether they have been breached before and how they addressed the issue. Review the security protocols they have implemented to confirm that their security management policies are appropriate to keep your organization PCI compliant.

Make Reporting & Auditing a Priority

Building relationships with secure and trustworthy vendors means making auditing and reporting a priority. This is beneficial both for internal use and for external auditors. Monitoring third-party access allows you to identify any vulnerabilities and take remedial steps immediately. Automation of these processes can save time and money while streamlining security, so consider implementing a vendor access management platform that enables automation.

Optimize Controls

Your vendors’ security controls should align with your own requirements, and you should conduct a thorough assessment of your vendors’ state of security. The next step is to enact powerful controls over access provided to third parties, including what data your vendor contacts can view on your network. Lack of oversight in this area can lead to increased risk, but control over vendor access can significantly reduce the possibility of a third-party data breach.

Emerging technologies, greater connectedness, and more vendors often mean more convenience and streamlined operations, but they also mean a broader attack surface for bad actors. All it takes is one kink in the security chain to put your entire organization at risk, leading to regulatory fines and issues, reputational damage, and financial losses. Guarding against breaches and other risks means rigorous adherence to PCI guidelines and ensuring that you and your vendors are following security best practices.

Worried about the scope of these responsibilities and looking for some guidance and support? Contact us today to learn more about how we can help you manage and streamline PCI compliance. 
