MANAGING YOUR IT VENDORS CAN REDUCE YOUR CYBER RISK
Third-party vendors can pose significant cybersecurity risk for your organization: a vendor that handles your data or connects to your systems extends your attack surface to theirs. To mitigate that risk and protect sensitive data, here are five key questions to ask your vendors before signing any agreements.
1. What type of awareness training do you provide your employees? How often?
Vendors should require their employees to complete routine security awareness training covering topics such as password hygiene, recognizing phishing, social engineering, responsible data and internet use, and mobile device security. Ask how often the training is repeated and whether completion is tracked; a one-time session at hiring is not enough.
2. How will our data be stored, transmitted, and protected?
Your organization should establish guidelines for how you want your data handled (where it is stored, how it is encrypted at rest and in transit, who can access it, and how long it is retained) and ensure your vendors follow them. Your compliance framework may impose specific requirements as well, and those requirements apply to your data even while a vendor holds it.
3. Do you have a formal incident response plan? How would you notify us if you suffered an attack?
The vendor should have a documented incident response plan and a commitment to notify you within a defined timeframe if an incident affects your data. Put that notification window, and the contact channel, in writing in the contract rather than relying on a verbal assurance.
4. What regulatory or compliance frameworks do you follow?
The vendor should follow a recognized framework, be able to explain its basic requirements, and the framework should be commensurate with the regulatory requirements of your own industry. Where possible, ask for evidence such as a recent audit report or certification rather than taking the claim at face value.
5. What security measures do you currently have in place?
Ask about the specific controls they rely on, such as multi-factor authentication, encryption, patch management, logging and monitoring, and access reviews. If you don't know which technical security measures to look for, make sure your IT support or security team helps with the evaluation process.