October is National Cyber Security Awareness Month... but why does that matter?
Cyber security has always been an integral part of business, but even more so in 2020. There has arguably never been another time in history when the implementation of practices to defend computers, servers, databases, networks, and other systems from malicious electronic attacks has been more critical. It’s an organization’s responsibility to protect the sensitive data it collects, and the ramifications of not doing so can be costly.
Digital Transformation and Cyber Security
As digital transformation grew through the 2000s and 2010s, bad actors began targeting third-party vendors with ransomware attacks, phishing attempts, and other malicious forms of data breaches. In fact, a recent study by Ponemon Institute shows that 82% of respondents believe that their organization experienced a data breach because of digital transformation, and 66% of respondents believe that their organization has experienced more than one data breach over the last year. Organizations are starting to realize that cyber security must be put at the forefront of business practices today to run a successful, secure, and profitable company.
Third Parties and Cyber Risk
An area that is often overlooked as businesses assess their cyber risk is the third-party ecosystem. The average business works with between 5000 and 6000 third-party vendors, and it only takes one of those vendors to compromise a company’s sensitive data. Additionally, 55 percent of respondents to Ponemon’s Digital Transformation & Cyber Risk survey said with certainty that at least one of their breaches was caused by a third party.
It’s important to regularly assess your third-party ecosystem so that you know who has access to your data, how protected it is, and where there are gaps that need to be filled. Staying informed on where your data is going and who has access to it is the first step that you can take to protect yourself, your customers, and your employees.
Cyber Security Best Practices
Here are three simple precautions that you and your employees can take to ensure that your data and networks stay secure:
- Avoid pop-ups, unknown emails, and links. Before opening any pop-ups, links, or emails, make sure to assess them. Do you know the sender? If you don’t, or if the email address the message is coming from looks suspicious, report it and delete it immediately. Hover over links before you click on them to make sure that they go to the site you expect – this is an easy way to avoid landing on sites that have malicious software.
- Use password management software. Two ways to protect your information are to never reuse passwords and, instead of writing all of them down and storing them somewhere or using the password manager in your browser, to use a management service like LastPass to keep track of your passwords.
- Complete your security education and training. A great way to ensure your company’s data stays secure is to hold regular security trainings for your employees. Another tactic is doing “spot checks”: sending test emails and seeing how many people in the company fall for the ruse can help you to detect gaps.
Even though Cyber Security Awareness Month lasts for just four weeks, your cyber security initiatives should continue and be evaluated on a regular basis in order to keep up with the ever-changing cyber threats targeting organizations and their third parties.
For more information on implementing an end-to-end Third-Party Risk Management program, download our TPCRM 101 guide.