In light of the recent Equifax data breach, companies need to go beyond taking the appropriate steps to reduce cyber-security risks internally: they must also ensure that their external technology vendors are exercising best practices when it comes to protecting data.
Cyber-security is an issue organizations cannot afford to take lightly, either internally or with their vendors. Cybercrime costs the global economy an estimated $445 billion annually, according to a report from the Center for Strategic and International Studies titled “Net Losses: Estimating the Global Cost of Cyber-Crime.”
No matter what type of technology you deploy at your company and its intended function — whether it’s to manage risk, content, customers, etc. — you need to ensure it is secure and that the supporting technology vendor has best-in-class cyber-security procedures in place.
Here are four questions you should ask any technology vendor providing you software-as-a-service or handling your data to ensure they are minimizing cyber-security risks to your company:
- Is your company data-security certified (e.g., SSAE-16 Type 1 and Type 2, SOC-2)?
- What is your company doing, beyond certification, to be prepared for new threats?
- Does your company have cyber-security response teams?
- Does your company, or do your partners, carry cyber-security insurance coverage of their own?
These questions are certainly pertinent when engaging with risk management technology vendors, since risk, insurance and claims data can be highly sensitive. In fact, the right risk management technology should not only be secure, but should also be able to assist with how your cyber-security program functions.
For instance, truly integrated risk management technology can relieve your IT department of managing so many applications; streamline the disaster recovery process in the event of a breach; or assist with prevention and compliance efforts by tracking cyber-security training requirements alongside employee training completion.
In conclusion, while it’s important to appropriately vet your vendors’ cyber-security practices, don’t forget to ask your internal IT leadership the above-mentioned questions as well. Ironically, organizations often realize during the procurement or implementation process that they don’t meet the very data security requirements they are asking their vendors to meet.
Cyber risks are top of mind for businesses today as more companies find themselves falling prey to expensive and damaging data breaches. Prepare for this risk — and so many others — with the help of risk management technology.