Category Archives: Third-Party Risk & Vendor Risk Management


Third-Party Crashers: Recent Data Breaches Targeting Vendors and Service Providers
Thank goodness we have partners, suppliers, contractors, and third-party service providers to keep our businesses operating smoothly. But let’s make sure that your security postures are aligned – your partners serve as an extension of your business and it is your duty to ensure they are secure and in compliance with your standards as well as applicable laws and regulations. (more…)

A Summary of DBIR 2020 – Where the Data Breach World is Today and How to Prepare for IT

CMMC 101: The Basics of Cybersecurity Maturity Model Certification
WHAT IS CMMC? CMMC, which stands for ‘Cybersecurity Maturity Model Certification’, is the upcoming required standard for all contractors and suppliers that work with the Department of Defense (DoD). (more…)

M&A: The Cyber Risk of Business
The impact of the COVID-19 pandemic is profound – every business has been touched, forcing many to explore how their organizations adapt to the new economy. Some industries have bigger challenges due to the nature of their business – travel and lodging, restaurants, transportation, oil and gas and more due to social distancing ordinances. (more…)

Payment Processing in a Remote Working Environment
Organizations are facing a lot of change with remote work setups – in both physical location and operational shifts. Especially challenged are businesses that manage credit card information electronically and over the phone. These new working conditions unearth new risks for sensitive data. Social distancing can also bring about more social engineering attempts. According to the U.S. Secret Service, social engineering/phishing is a very common online attack right now.* (more…)

Taking Care with Telehealth: Health Care. Cyber Care. Duty of Care.
Social distancing and stay-at-home orders are designed to protect us from the spread of COVID-19, but what about patients who still require check-ups, post-hospitalization follow-ups, or continued monitoring due to other conditions? Telehealth is a convenient solution. (more…)

4 Reasons Why Third-Party Risk Management (TPRM) Should Be Reviewed
As people “Stay at Home” and work remotely during the COVID-19 pandemic, organizations have an increased reliance on external partners, suppliers, and third-party vendors to keep their businesses running. For some companies, this may be the first time their employees have worked outside of their office, without the benefit of established cyber security policies for working from home. It is crucial that third-party vendors be on the same page as their clients to ensure proper safeguards and business continuity. (more…)

Covid-19 Does Not Exempt Compliance nor Security Obligations
While companies are consumed with the task of implementing remote work strategies in response to the COVID-19 crisis, it is critical to remember one thing: No matter how chaotic things get, Coronavirus does not exempt you from your industry or government compliance obligations such as HIPAA, CCPA and PCI DSS. It also does not release you from your responsibility of employing Duty of Care when it comes to protecting third-party personal data. (more…)