Hi Myat Htoo Linn,
I do agree with your preventive measures. I would like to propose other solutions.
– the risk management plan: the company may evaluate its current situation of the IT infrastructure and also monitor if its partner follows the security protocol/guidelines. Moreover, the company should have a response plan to mitigate the severity of data breaches.
– Update the software regularly: If they do not update the software, they will still have a security hole in the program that can be misused by hackers.