This month is Cyber Security Awareness month, and Weaver is participating with a series of blog posts and Insights documents dedicated to making the web a more secure, safe place. This is the second blog post in the series.
Preparation is essential to preventing cyber attacks. This is especially true when it comes to managing your third party vendors. It is important that data security be a collaborative effort among all of a company's partners.
For example, if you grant a third-party shipping company access to proprietary supply chain data — such as your customer's demand and inventory levels — that information could be stolen if a hacker breaches the shipping company's computer systems. Unfortunately, scenarios like this are all too common, and when it comes to managing third party risk, most organizations are reactive, dealing with problems only after they occur, rather than proactively managing and monitoring risk.
To prepare for a cyber attack and effectively manage your vendors, communication is essential. It is crucial to ask your service providers what procedures and audits they have had performed. Requesting a SOC 1 or SOC 2 audit should be a top priority before engaging a new vendor. Limit data sharing to only those supply chain partners that absolutely need it. And ask your partners about their IT security programs. Request that vendors with weak IT controls beef up their efforts.
For more details and specific ways to manage vendor risk, download Weaver’s Insights document, Managing Third Party Technology Risk.