We've all seen the issues, many of them disastrous, that companies have with third party vendors and it's something that the security community still needs to take seriously. If the Target breach wasn't engouh to wake you up regarding the control of your third party accounts, I don't know what is. You need to have policy in place that limits these accounts and the ability to monitor them as well as possible. In these two article I speak about ways to ensure network security when working with third party vendors.
Here are the two links:
Article 1 of 2
Article 2 of 2
Here are the two links:
Article 1 of 2
Article 2 of 2