Minimizing Third-Party Vendor Risk


Suggestions for safely streamlining your business operations

What do General Electric, Marriott, and Instagram have in common? Each of these industry leaders were impacted by data breaches involving third parties in 2020. 

In addition to the reputational damage to each company, these incidents exposed the personally identifiable information (PII) of customers (Marriott), employees (General Electric), and users (Instagram). Security Magazine reported in May 2021 that more than half of all organizations have been harmed by data breaches involving a third party. While high profile third party technological intrusions are highly concerning, several additional pain points of third party collaboration warrant equal concern.

Evaluating a potential partner’s reputation is challenging enough when they are located in the same country and crossing borders further complicates the task. As convenient as sites such as Google Reviews are, their information can be easily manipulated by nefarious actors, including the reviewees themselves. In addition to verifying that a company is properly registered and not subject to regulatory action, an experienced due diligence provider can utilize local contacts to provide a comprehensive understanding of a subject entity. 

A trusted local partner can:

  • Verify an entity’s addresses. (Is a virtual address being used?)
  • Check for indicators of concern (Are employees present? Is the site in disrepair? Any allegations of corruption?)
  • Verify claims made in marketing materials (Is child labor being utilized?)
  • Confirm a name (Were any prior names used? Are trade names used?)

Confidence in a potential business partner can be enhanced through the use of discreet source inquiries. Carefully considered conversations with local industry leaders and trade organizations can substantiate or contest positive media coverage and polished marketing materials.

When vetting a prospective partner, find out which systems and employees will have access to your company’s and clients’ sensitive information. A third party vendor may have elaborate physical and informational security, however, the best laid plans can be thwarted by a compromised employee. Incorporating due diligence investigations into the onboarding of key employees coupled with regular refresh checks serves as a powerful deterrent to insider threats.

Convenience, expanded capability, and reduced costs make the use of third party vendors a highly attractive option for companies across a wide range of industries. Prioritizing caution ahead of convenience when exploring a partnership with a third party vendor demonstrates a company’s commitment to its values, employees, and clients. Furthermore, carefully considered vendor vetting protects a firm’s reputation and profitability against irreparable damage. Before engaging a third party vendor, consult with Vcheck Global’s investigative professionals to set the stage for a successful partnership.

Seth Harlan is Senior Associate, Market & Regulatory Affairs at Vcheck Intelligence.

Get in Touch

Get in touch with our team.
We can’t wait to hear from you.