Preplanning is the key to managing or avoiding a cyber incident. There are many ways to clean up your house internally and many ways to assess and plan for possible exposure. Preplanning is not just about your own internal practices, however: it’s also about ensuring that your suppliers are managing their practices to your standards. Establishing your own “best practices” and policies is important to risk assessment and mitigation and to a defense based on the use of reasonable measures of protection. That effort may lose some effectiveness, however, if you fail to hold others to your standards when they are performing work for you. What follows are some basics to consider when evaluating your vendors and their commitments to your cybersecurity, as well as some specific measures to employ with those suppliers whose work might present a risk to your company data.
What Vendors Present a Risk?
The presence of any third party in your business creates potential risk. Their employees and contractors are not subject to your policies directly; they may work with minimal supervision; and they may have to have access to otherwise-restricted equipment, areas or system. Containing any exposure starts with assessing the risks.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
