Does anyone remember the days of locked file drawers? Companies would retrieve needed information, use it, then return it to a safe place. There was no internet, no online access, locks were our state-of-the-art security measures, and breaches were investigated by finding out just whose desk the errant file was on. Today, we live in far different times. Data has migrated from file folders to retrievable databases, no longer on discrete servers, but in the amorphous cloud.
Just as data has migrated, so have many functions. With increasing size and complexity, many companies have moved a portion of their daily operations from in-house employees to outside vendors. Even those vendors have vendors, making the task of vendor risk management increasingly difficult. In fact, according to this CSO article, a study found the average company’s network is accessed by 89 vendors every week. Two-thirds of companies polled in the study weren’t confident they even knew how many vendors had access to their sensitive data. One thing we do know: the number of those outside vendors is only going to rise. Three-quarters of those same companies noted they were using more vendors than they had in the two previous years, and 71 percent projected increased reliance on vendor support.
While companies can outsource operations, one thing they can’t outsource is vendor risk management. Consider recent examples of vendor-created breaches and the staggering fines that resulted – Target, AT&T, and Home Depot, just to name a few. Some estimates place the percentage of vendor-related data compromise at over 60%, and those are just the ones that have been reported. Surprisingly, many companies place their trust in their vendor’s processes, while developing organic vendor risk management capability rarely makes it to the top of a company’s expenditure priority list. By failing to take control of the company’s potential exposure to vendor-related regulatory and legal violations, data and systems breaches, and reputation damage, companies are risking their core operations, not just a vendor relationship or function.
As with everything in business, “trust but verify” is a necessary approach in managing vendor risk. To pave the road for a reliable and verifiable vendor risk management program, start with prioritizing these basic steps:
Establish ownership and centralize
Vendor risk management needs to be part of a holistic risk mitigation strategy, which means it’s centrally managed and controlled. While overall management should be centralized, buy-in of risk awareness and best practices needs to be cross-functional and owned by all departments. To effectively accomplish that outcome, leadership should have and convey a clear vendor risk management picture and road map.
Know where you are
Before you implement a vendor risk management program, perform a high-level assessment of your existing risk mitigation measures, mapping any gaps or deficiencies against your industry and company needs. Drill down to the individual vendor and evaluate that relationship against your risk exposure tolerance.
Know where you want to go
Once you’ve established where you’re starting from, determine your desired end state and map a course to get you there, including the capabilities, resources and costs you will need to execute. Think integrated, replicable, and ongoing risk management. Know how to plan for and respond to emerging threats.
- The best vendor risk management programs are seamlessly integrated into data-driven, automated processes. You’ll need to consider your technology platforms, data management configuration, and needed modifications to integrate your vendor risk management activities.
Assess, Assess, Assess
Do more than an initial assessment of a vendor’s risk management practices. Develop a plan of periodic assessments and regular monitoring of your vendor’s operations to highlight any deficiencies or gaps. Determine your own risk tolerance in regard to your vendors, and don’t hesitate to end a vendor relationship if their risk management practices fall short of your requirements.
We hope you are part of the one-third of companies who DO know the extent of your vendor risk exposure. The next step is developing and implementing a centralized, well-integrated, and ongoing vendor risk management program.