Managing the risk you face from your third-party vendors is an important part of your risk management strategy. The responsibility of that risk is yours to manage. Even if you have done your cyber security due diligence before signing an agreement, you could still be at risk.
The problem is that most companies review their third-party vendors' cyber security practices only once, at the beginning of the relationship. In reality, you need to review those practices continually to ensure best practices are still being followed. You may think this isn't necessary, but there have been cases (Kaseya VSA is a recent example) where a third party was breached and the breach affected many of its customers. The surveillance camera breach at Verkada also comes to mind.
One of the best ways to manage third-party risk is to follow best practices from the NIST and ISO standards. Among other things, these standards call for performing regular audits, planning for third-party incident response, and implementing restricted, least-privilege access mechanisms. In addition, you should have a plan in place for preventing a downstream attack.
All of this can seem like a daunting task, especially if you are running a small business. Help is available. Uzado can not only help you manage your own cyber risk and ensure you are following NIST guidelines, but can also help you assess the risk management profile of your third-party vendors. Contact Uzado to help you manage your third-party risk.