
Are passwords important to vendor risk management tools?

Published by Chris Gerben on March 10, 2022

Companies and third party vendors researching vendor risk management and vendor risk assessment tools for the first time are usually motivated by Zero Day (or 0 day) attacks that make the most noise in news and corporate circles.

Cyberattacks, ransomware, and vulnerabilities are so common (and so scary) that it’s easy to understand why CISOs and cybersecurity managers are expected to focus on these big threats.

But just below the major headlines, it’s easy to overlook another, more common cybersecurity risk: data breaches. Data breaches are events where an unauthorized person gains access to sensitive data and discloses it. In essence, anytime an attacker is able to view, edit, and/or share someone else’s private data, it’s a data breach.

What data breaches lack in headline power, they make up for in staying power. According to Fortune, data breaches are steadily increasing, with 2021’s total reported breaches surpassing 2020’s by October. If trends continue, 2022 (and beyond) could be another record-breaking year for data breaches.

What do data breaches have to do with passwords?

Data breaches are often thought of as “hacks.” The problem with such terminology is that it can give the impression that unauthorized parties are forcefully gaining access to data through some back door (perhaps a flaw in the code or embedded malware). While that may indeed be the case, these attackers would much rather use the front door of company systems.

Passwords are the vulnerable front door to a company’s data.

Passwords, whether alphabetic, numeric, or alphanumeric, are the piece of cybersecurity that we and our employees use every single day. Most of us can’t even open our phones without entering a password (or a passcode, as the case may be). While some of us use features like Face ID or Touch ID to access our systems and our data, the simple combination of letters and numbers still rules the day for most personal machines.

And, since the pandemic has forced a great many employees to work remotely or permanently from home, every device has the potential to be a “personal” device, used in the office, at home, a coffee shop, or any number of places. Needless to say, most companies did not plan for that kind of exposure or increase in their inherent risk.

How are passwords inherently flawed?

In early 2022 we invested in researching how everyday computer users interact with their passwords. What we found led us to one very important conclusion: passwords are only as reliable as the people who use them.

And, unfortunately, a lot of people just aren’t very reliable with their passwords.

For instance, 76% of users we surveyed reported that they only changed their passwords when they absolutely had to. Many systems, like email services, will time people out, forcing them to change their passwords every few months. But if systems aren’t programmed to do so, or if companies don’t enforce a similar rule, only 24% of people will proactively keep their passwords safely updated.

Meanwhile, fewer than half (42%) of the users we talked to said they use unique passwords for each system. Nearly 60%, then, reuse the same passwords on each site, or change only a few letters to protect different machines and systems.

If companies think that employees and third party vendors will be more careful with their data than those same people are with their own personal photos, finances, and documents, they should consider establishing clear and consistent password protocols.

How should passwords be a part of TPRM?

Third party risk management (TPRM) tools like ThirdPartyTrust can help companies keep track of important assurances and compliances like NDAs, pen tests, and popular assessments like SIG.

Credential security measures can, and should, be included with any custom third party risk assessment. Compliance processes like SOC 2, for example, ensure that individuals are using security measures like antivirus software to keep company resources safe.

Beyond that, companies should treat password protection as the important cybersecurity measure it is. Just as personal phones may ask for biometric data like facial recognition, company systems can use this technology too, or require one-time passwords (OTP), time-based one-time passwords (TOTP), or multi-factor authentication (MFA), on top of providing employees with password keychain software to make passwords less onerous.

A third party data breach, or vulnerability within the supply chain, can happen to any company at any time. As remote work and cloud access proliferate, companies need to be as aware of massive cyberthreats as they are of the sundry (and often overlooked) cybersecurity tools that employees and third party vendors use every day: passwords.

