COVID-19 and Third Parties: What You Need to Know
The COVID-19 pandemic and subsequent need for social distancing drove a sudden and massive shift to a remote workforce worldwide. Some companies embraced remote, or work-from-home, capabilities long ago. For them, the pandemic has been an exercise in quickly equipping and training their office-based staff in using existing tools and techniques to productively and safely work from home. Companies that were new to remote working suddenly found themselves potentially having to select, understand, deploy, and train staff on new collaboration and productivity tools as well as best practices within a few weeks, if not days.
You may have been among this group scrambling to set up new remote collaboration tools and then figuring out how to have a video conference where people communicate productively instead of constantly talking over each other. And then there is that challenge of not always knowing who or what is going to walk into the room and inadvertently join your video call. But then, success! Hopefully you quickly learned how to implement successful video conferencing and have since graduated to morale-boosting video happy hours. Life is good, right? Well, maybe.
Your third parties are critical to your success and many of them are going through the same sudden shift to a remote workforce. Are they protecting your information and business processes as well in a remote working environment as they did when working from their offices? The ubiquitous and easily accessible nature of new and mature cloud-based services provides companies with options to meet every need for a remote workforce. But do your third parties have the processes and technologies in place to use their remote solutions securely?
The 5 Critical Areas
This is where assessments and the Exchange can help. Assessments cover the five areas that are critical to understanding the security of your third parties’ remote workforce:
- Governance: Do they have a history of regularly updating their policies and procedures? This is an often-overlooked area. But if your third party has historically kept policy and procedures up to date, they are more likely to have quickly made the changes necessary to keep their newly remote workforce secure.
- Awareness & Training: Do they regularly conduct robust security awareness training for all employees and contractors? If so, they will better understand best practices, whether working in the office or at home, to keep data secure.
- Remote Access: Are their remote connections secured using methods like a VPN? Are devices checked for secure configuration before being allowed to connect to the company network? If BYOD is allowed, are there technologies and processes in place to ensure the security of company data on those devices?
- Cloud Security: How are they managing the cloud-based tools used by their remote workforce? Is access centrally managed and protected with secure techniques like multi-factor authentication? Do they prohibit and block the use of unauthorized cloud-based tools?
- User Monitoring: Lastly, do they have the monitoring in place to know what is happening with their data and workforce in a remote world? Are they capturing and monitoring the logs of their SaaS systems? Do they have end-user behavior-based monitoring in place to notice if one bad apple is doing something unusual?
The bad guys know they have a rich set of new targets due to the rapid shift to remote working. CyberGRX can help you make sure your third party has the controls in place in order not to be an easy target. Contact us today to get started.
What kind of measures are you taking to ensure your third party partners are staying cyber secure? Let us know in the comments below.