Hi – my name is Gordon with Venminder.
In this 90-second podcast, you’re going to learn some best practices for managing third-party cybersecurity risk.
We have a team of certified cybersecurity professionals, such as CISSPs, who analyze cybersecurity risk on a daily basis.
Here are six best practices we recommend:
- My first tip is to ensure that all third-party vendors you outsource a product or service to are required to notify you of any cybersecurity incident. Better yet, make it mandatory that they notify you within a specific timeframe, particularly if your customer’s information is involved.
- Second, trust but verify. It’s a common saying in the cybersecurity world. Always look for a sound way to verify your vendor’s cybersecurity footprint. Ensure your vendor does this for their vendors too.
- Third, understand what information your third parties will have access to and who else they’ll be granting access to.
- Fourth, look into how your third-party vendor protects data from a data breach. If their procedures are unacceptable, request they increase their controls accordingly.
- Fifth, be proactive and fully understand the types of vulnerabilities each type of third-party vendor is most susceptible to.
- Finally, my last tip is to make sure your vendors have a SETA program in place, which stands for security education, training and awareness, and that cybersecurity training is ongoing throughout the year.
By implementing these 6 best practices into your program, you’ll greatly help mitigate cybersecurity risk. I hope you found these tips helpful.
Thanks for tuning in; catch you next time!