Why a Telephone Might Be the Best Tool to Stem Third Party Cyber Risk
Compliance checklists and attestations only go so far in mitigating cyber risk. They demonstrate a partner’s commitment to cybersecurity awareness however they only capture a snapshot in time. A vendor, contractor or supplier is just one connected device or phishing email away from a security incident. That vulnerability puts your partners, and therefore you, at risk. Therefore organizations that rely on contracts and agreements to prevent a data breach do so at their own peril. A more hands-on approach is needed. Consider for example a more customer focused mindset in your vendor relations. All too often, vendor communication only occurs at contract renewal time. By contrast, businesses that build strong relationships with their partners make fewer assumptions about cybersecurity preparedness. For starters, conduct quarterly check-ins and discuss current or emerging threats and vulnerabilities. Consider monthly check-ins for larger, more critical vendors. A phone conversation lets organizations address nuances in risk that legal documents cannot. Ultimately, businesses mitigate third party risk when they look beyond checklists to better understand their partners’ security capabilities.
I recently moderated a CISO panel in Dallas and asked panelists about their perspectives on several cybersecurity issues and trends. In this video, two panelists discuss the challenges behind managing and mitigating third party risk.
CISO Perspectives is a complimentary resource for cybersecurity professionals featuring insightful viewpoints, best practices, and sage career advice from a cross section of CISOs. These videos and blogs are proudly offered by Accellion, the leader in secure email and secure file sharing for mitigating third party cyber risk.