Employees are often considered the weakest link in the security chain. For this reason, many organizations focus their efforts on educating, training and implementing protocols for their own staff when evaluating data privacy plans. While internal threats are certainly a tangible concern, this internal-focused approach fails to recognize another leading cybersecurity threat: vendors.