How to build a third-party cyber risk management program

Modern integrated business processes have dramatically expanded the attack surface of organizations in all industries. Institutions can no longer ignore the risk presented by vendors or other business partners, especially with regulatory bodies pushing for formal risk management of vendors and third parties. Assessing cyber risk adds to this challenge. It is one thing to make sure your organization is ready to deal with evolving threats; it is even more difficult to ensure your third parties are also prepared.
So, how can credit unions start evaluating the cyber risk associated with their vendors? More importantly, how can credit unions make this process efficient and cost-effective?
Using the right tools and techniques, those in charge of security and risk can drastically reduce third-party cyber risk even if it’s not their primary responsibility. Below are four tips on how to save time and money in this process:
- Tier Your Third Parties
Some of your third parties have access to sensitive data that could compromise your employees and customer base. However, it’s likely that many others only have access to nonsensitive data. Identify your most important third parties and spend the most time assessing their security programs. Most organizations use a three or four-tier system.