Cybersecurity and Fraud Protection

The Importance of Conducting Security Due Diligence on Suppliers

Learn why organizations should review the security protocols of their third-party suppliers.

When building strong cybersecurity defenses, organizations can assess potential internal weaknesses and develop robust strategies to help mitigate risks. But even with strong internal security protocols, risks may remain if organizations do not apply the same scrutiny to the security protocols of their third-party suppliers.

The fluctuating business landscape and continued effects of the COVID-19 pandemic have amplified potential cyber risks. Small and medium-sized companies have become more dependent on suppliers as operations have shifted to remote work locations or alternate support strategies.

“Businesses needed to onboard new suppliers to maintain operations within government-mandated lockdowns,” said Jim Connell, Chief Procurement Officer at JPMorgan Chase. “Some may have had urgent need for technology or critical services and may not have taken the time to conduct a thorough due diligence review. That oversight could leave an organization susceptible to a cybersecurity threat or resiliency risk.”

As the threat landscape evolves and cybercriminals sharpen their attacks and fraud tactics, it’s important to maintain safeguards to protect both your organization and your suppliers.

You may consider these action steps:


Develop Risk Assessment

Begin by reviewing your internal systems and processes, including every department within your organization. Apply this same assessment process to your suppliers, including any new suppliers that have been onboarded in recent months. This comprehensive control review should look for established standards and protocols to help secure any gaps, protect sensitive data from cyberattacks or fraud attempts, and establish resiliency plans in the event of a natural disaster or other emergency.


Enact Cyber Defenses Education

Conduct regular baseline employee training and perform testing exercises with key suppliers to assess the strength of existing security and identify weaknesses. If you find a lapse, require that the supplier remedy it within a specific time frame.


Continue Resiliency Processes 

Require every supplier to undergo a thorough evaluation, monitoring and inspection process and make any updates to secure processes. This process should continue after the relationship ends, especially if there are any regulatory or legal considerations to maintain data records for a specific period.

If you need additional resources to get started, the firm offers a variety of articles and videos on cybersecurity and fraud prevention on our Commercial Banking Insights page. If you have not already completed our fraud prevention training webinars below, we encourage you to do so.

  • J.P. Morgan Access® users may log on to register for the Cyber Fraud & Secure Online Banking webinar via "Support > Learning Options."
  • Chase Connect® users may complete the Banking and Payments Security webinar at

If you would like to learn more about cybersecurity trends and fraud prevention, contact your banker, treasury management officer or relationship team to schedule a Commercial Banking speaker engagement session with your employees.

Cyber Magazine Fall 2020 Business Resiliency Cybersecurity and Fraud Protection
