What if your vendor is your number one Insider Threat through negligence or purposeful act? What do you do to guarantee that your service providers are complying with federal, state and industry cybersecurity regulations? Does your legal team look at your service agreements and look at the credentials of the vendors that you allow to interact with the customer data you are guarding? In this month, we look at the Insider Threat. These are the individuals that we allow to interact with our data. And presently the Insider Threat is the root cause for most data breaches. So, what should we do? Know your own Cybersecurity Framework requirements that you have agreed to in your business contracts. Then your legal consultant or team should make sure these requirements are passed along in your Service Agreements with your vendors. If your third-party provider cannot meet your conditions, you need to continue shopping for support or pull the process in house until you can find a compliant vendor. In 2021, there are CSF compliant businesses with multiple certifications. When non-compliant organizations market that they meet some data privacy law and they have no credentials, it is just their gimmick.
ISO and NIST certified TechR2 meets the current cybersecurity requirements. This will be important to any procurement department looking to locate a fully compliant vendor.