The Cyber Scoop Newsletter

WELCOME TO THE OCTOBER 2024 NEWSLETTER

Cyber Scoop is KeyStone Solutions' monthly newsletter about the latest trends, topics, and articles relating to cybersecurity. As a Managed Service Security Provider (MSSP), KeyStone’s expert team helps small to medium-sized businesses with IT services including virtual Chief Information Security Officer (vCISO), cybersecurity, help desk support, Governance, Risk, and Compliance (GRC), cloud solutions, and KeyStone’s signature service, IT Team as a Service (ITTaaS), which is an all-encompassing solution.

From The Desk of the CISO

Why Vendor Risk Reviews Are Important for SMBs

By Rob Ashcraft, CISO at KeyStone Solutions


One area of cybersecurity that I often see ignored is third-party risk management, specifically a process for critical vendor security review. Critical vendors are third-party services and products that are essential for your day-to-day operations and/or have potential access to sensitive data. Even small businesses need a vendor security review process to safeguard their operations and data. Vendors who have access to sensitive information, systems, and networks are potential entry points for cyber threats. By conducting thorough security reviews, small businesses can identify and mitigate risks associated with third-party vendors, ensuring that their data remains secure and their operations are not compromised.

Do You Know Your Critical Vendors?

Commentary by KeyStone’s Rob Ashcraft


An article titled “Do You Know Your Critical Vendors?” from Vendor Centric emphasizes the importance of identifying and managing critical vendors and establishing essential vendor risk management processes. It clarifies that critical vendors are those essential to supporting an organization’s most important operational activities, often referred to as ‘critical activities.’

These vendors may also present a heightened level of risk to operations. The article suggests starting with a company’s business impact analysis, business continuity, or disaster recovery plan to identify critical activities and, consequently, the vendors that support them. Understanding these distinctions and properly managing critical vendors is crucial for maintaining operational stability and compliance.

My Key Takeaways:

  • Definition of Critical Vendors: Critical vendors are those that support the most important activities within an organization, essential for day-to-day operations.
  • High-Risk Vendors: Critical vendors are not necessarily high-risk; high-risk vendors present significant risks regardless of their criticality.
  • Identification Process: Start with your business continuity or disaster recovery plan to identify critical activities and the vendors that support them.
  • Importance of Management: Properly managing critical vendors is vital for operational stability, essential security controls and compliance.
  • Vendor Management Program: Integrating critical vendors into a third-party risk management (TPRM) program is essential for effective oversight and risk mitigation.


View Live Cyber Threat Map From Check Point
