Today’s business is part of the digital and online world, no matter the industry. With the pandemic, this aspect just recently expanded to include the entire workforce, whether remote or hybrid. So, what does this mean for companies and cybersecurity?
It means a larger number of risks, because operating in the digital and online world requires a company to adopt tools and technology to conduct business. Every one of those tools, technologies, and platforms exchanges data over a network.
These tools, technologies, and platforms are often connected to third-party vendors, which means data is also exchanged over a network with external parties.
When you conduct business with any of your digital tools and technology, such as computers, software, IoT devices, mobile devices, servers, applications, cloud services, hosting providers, and so on, you exchange information (data) and you use a network.
With a remote or hybrid workforce, the work environment you need to protect also grew.
So, how can you find out what your third-party partner’s cyber resilience is, so that you can address cyber risks or compliance requirement needs immediately?
We have four questions that you can ask your partners to determine their cyber resilience.
What are your current standards for protecting customer data?
With privacy laws such as the GDPR and the CCPA (and its successor, the CPRA), you want to make sure that the partner vendors you use meet compliance requirements so you can avoid fines. You must be able to recover the data that is exchanged, track it, and meet all the privacy law requirements. This also involves the partner's backup strategy and policies, and whether they run regular breach simulations and backup restore tests to confirm that their strategy actually works if they are attacked or their data is held for ransom by cybercriminals.
Do you have true end-to-end security?
Since cybercriminals are constantly finding new ways to attack a network, businesses must have endpoint security; put simply, that extra layer of protection helps prevent an easy breach. With your remote workers at home and your hybrid workforce exchanging information with work-from-home (WFH) team members, the end-to-end security set up in the company's office is no longer in place for everyone. For this reason, you want to ensure that all tools, technology, and platforms the company uses have endpoint security.
Are your security policies consistent throughout departments and personnel?
Even if a partner has endpoint security and meets privacy law and compliance regulations, you also want to work with partners that have a company culture built around cybersecurity. This means their security policies and procedures are the same for all personnel, across all departments. Standardized policies ensure that every group works with the same access control settings; inconsistent settings between groups create gaps that cybercriminals can abuse to get in.
Do you perform security audits regularly?
Security audits help a business assess which areas of its operations need attention. An audit includes penetration testing of internal and external systems, a review of the organization's security policies and procedures, and a look at what regular exercises are conducted to determine how effective the security measures would be if a breach were to happen. A company should conduct a security audit (also known as a security assessment) at least once a year, if not more often. In addition to asking about their audits, ask about your access to their audit logs should a breach occur, and about their crisis management and PR statements, because you will also be held accountable for reporting the breach under data privacy laws such as the GDPR and the CCPA.
Now that you have these questions handy, you can move forward with your vendor risk management needs and assess where your partners stand with cyber resilience.
You can also pursue your next cyber resilience options with the CEO and/or security executive and the IT team for any additional measures you want to take right away for your remote and/or hybrid workforce.
If you need the support of a cybersecurity expert or if you want to consult with a fellow colleague to see how you can address important vendor risk management topics with the CEO and boardroom, schedule your free consultation here: https://calendly.com/ncxgroup
NCX Group is an independent cyber risk and resilience advisory firm with over two decades of experience supporting business leaders, boards, and deal teams when risk affects value, operations, and decision-making.