Managing Third-Party Cybersecurity Risk
Best practices to manage third-party cybersecurity risk.
Proper cybersecurity has never been more important than it is in today’s business environment, which means you should also be analyzing and managing your vendor's cyber risk. Use the six best practices covered in this video to help you ensure your vendor can prevent, detect and respond to a cybersecurity issue.
You may also be interested in:
Hi – I’m Josh with Venminder.
In this 90-second video, you are going to learn 6 best practices for managing third-party cybersecurity risk.
Having analyzed thousands of vendor cybersecurity documentation and evidence, our information security team highly recommends these to protect your organization from having a weak link vendor.
One. Ensure you have someone that understands how to assess and monitor a vendor for cybersecurity preparedness and risks. We recommend a CISSP, or someone with many years of IT experience.
Two. Cybersecurity should be included in your third-party risk management scope. This will enable you to mitigate risk by allowing you to influence the vendor to strengthen their controls and more.
Three. Ensure cybersecurity due diligence is included as a requirement in your program. Due diligence should include a risk assessment that addresses cybersecurity concerns.
Four. Determine your methodology to identify the inherent risk from cyber threats at your vendors – before a cyber risk occurs.
Five. Make sure to document any inherent risk identified and prepare controls to mitigate the risk.
And finally, six. A SOC for cybersecurity provides a common language for vendors to use in describing their cybersecurity risk management program effectiveness. This is a helpful report you may want to use to compare vendors.
Remember, you need to be able to trust that your vendor is prepared to prevent, detect and respond to a cybersecurity issue or event.
Investing time and effort in your vendors to protect your organization is a must in today’s environment. See you next time.
Subscribe to our Third Party Thursday Newsletter
Receive weekly third-party risk management news, resources and more to your inbox.