Supply chain, or third party, risks are no small matter. Many times we’ve seen companies get breached via a third party, TJX perhaps being the most popular example, but by no means the only one. NotPetya was initially spread to a Ukrainian tax software package, M.E.Doc.
And how many times has supplier fraud caused a business to lose products or money?
But that being said, it’s not practical to eliminate, or in many cases reduce, the number of third parties an organisation deals with. It’s all about learning to manage the risks more appropriately.
So, for your viewing pleasure, I made this short video outlining some of the complexities, risks, and seven tips on how to manage your third party risks.
For those who prefer not to watch videos, the seven tips (well, the headings of them) are:
- Business Impact Assessment
- Inventory of Partners
- Policy & Legal
- Communication & Education
- Technical Assurance
- Incident Response & Planning
- Exit Strategy
And yeah, reading it as a list like that doesn’t make a whole ton of sense, so maybe just watch the video.
*** This is a Security Bloggers Network syndicated blog from Javvad Malik authored by j4vv4d. Read the original post at: http://feedproxy.google.com/~r/J4vv4d/~3/cO60ePs8q9E/