6 Best Practices for Managing Third-Party Cybersecurity Risk

Podcast Transcript

In this 90-second podcast, you’re going to learn some best practices for managing third party cybersecurity risk.

We have a team of certified cybersecurity professionals, such as CISSPs, who analyze cybersecurity risk on a daily basis.

Here are six best practices we recommend:

• My first tip is to ensure that all third party vendors you outsource a product or service to are required to notify you of any cybersecurity incident. Better yet, make it mandatory that they notify you within a specific timeframe, particularly if your customer’s information is involved.
  
  
• Second, trust but verify. It’s a common saying in the cybersecurity world. Always look for a sound way to verify your vendor’s cybersecurity footprint. Ensure your vendor does this for their vendors too.
  
  
• Third, understand what information your third parties will have access to and who else they’ll be granting access to.
  
  
• Fourth, look into how your third party vendor protects data from a data breach. If their procedures are unacceptable, request they increase their controls accordingly.
  
  
• Fifth, be proactive and fully understand the type of vulnerabilities each type of third party vendor is most susceptible to.
  
  
• Finally, my last tip is to make sure your vendors have a SETA program in place, which stands for security education training and awareness, and that cybersecurity training is ongoing throughout the year.

By implementing these 6 best practices into your program, you’ll greatly help mitigate cybersecurity risk. I hope you found these tips helpful.

Thanks for tuning in; catch you next time!