Essential data security questions to ask your IT vendor

Building the foundation for cybersecurity

The first step is to ensure a strong foundation. Ask these cybersecurity questions for vendors to determine whether your needs align:

1. Is the vendor insured? For how much?
   Understand their ability to cover potential damages.
2. Is support in-house or outsourced?
   In-house support may provider better continuity, while outsourced support could lead to communication issues.
3. Do they understand your business?
   You want a vendor that understands your business, how to remain compliant, and the challenges that come with it.

cybersecurity tools to protect against a data breach

When evaluating risk mitigation, ask your prospective IT vendor what tools they’ll use to assist with a potential breach. Here are some key questions to ask:

4. What’s in their security toolbox?
   What tools are available to assist in dealing with a potential breach? The vendor may take preventative measures that stop a malicious attack from being executed or reactive measures that are part of a protocol following an attack.
5. What security controls will they use to maintain and secure your environment?
   Find out how the vendor will secure your environment. How often will they review and test their software?
6. If there is a security incident, what will be their role?
   Understanding the role your vendor will play in an incident will help you determine the extent to which you or anyone else will need to be involved.

“When you’re looking to select a particular vendor, knowing that they’ve been around and had experience with different platforms, with different business models, certainly is relevant and key.”

Matthew Adkins, Manager, Information Security with Greenway

Trusting your health data backups

Backups are building blocks for any response and recovery plan. A challenge with backups is they can distribute sensitive data through other systems, creating a new set of risks and concerns. Ask your vendor these questions about backups:

7. Will they perform backups of all servers?
   Consider what’s being backed up — just the application data or the entire server. Also, find out if the backups will be encrypted. If so, who has the keys? Make sure you won’t lock yourself out.
8. What is the backup schedule?
   Going how far back will you be able to restore data? Minutes, days, weeks? This will help you understand how often you should back up data.
9. Are the backups tested regularly?
   The most critical aspect of a backup strategy is testing and executing regular tests of the system.

On premise or the cloud?

Do you prefer your system to reside locally or on the cloud, and why? With a cloud-hosted solution, you can hand off the risk to another entity that can also maintain the system, monitor recovery, handle cyber liability insurance, and take on other responsibilities.

To learn more about Greenway’s cloud offerings, click here.

Other cybersecurity considerations

When you select a vendor, consider the risks of a situation as simple as the receptionist’s workstation not functioning. How will that affect check-ins, collections, and other daily operations? Also consider the bigger picture. How is the organization likely to respond in a high-stakes situation such as a breach?

Find out how long the vendor has been in business. That goes for the organization itself as well as the tenure of its engineers and other staff members.

“When you’re looking to select a particular vendor, knowing that they’ve been around and had experience with different platforms, with different business models, certainly is relevant and key when making that selection,” Matthew said.

To hear more of Matthew’s cybersecurity questions for vendors, click here for our cybersecurity webinar.