Now that working remotely is the new normal, chief information security officers and other members of an organization’s security team must rethink security protocols to protect the organization’s assets. Like many things, vendor risk management programs have changed or will change. Third-party vendor management has always been a necessary risk to an organization’s security, but now, more than ever, organizations are cracking down.
As a vendor, you face the same challenges as most organizations with a remote workforce: employees using personal devices, connecting over unsecured WiFi networks, working under poor security conditions, and so much more. These compromises in security will introduce new issues and risks for organizations, and as a vendor, you need to be prepared to address them.
Many organizations are in the process of reevaluating and rewriting their vendor security questionnaires in light of the pandemic, which will present new questions that businesses weren’t asking a year ago. Here are some questions your customers are preparing to ask you as a result of this shift in business culture.
What is your work-from-home policy?
Before the pandemic, most organizations relied on vendors to adopt their security best practices when accessing the organization’s data or networks. But that was when the majority of employees worked in their company’s physical space with strict cybersecurity guidelines.
Today, organizations will require additional information from vendors on how remote workers access the network, your standard policy on working from home, security measures you implement with any remote worker, cybersecurity training you require, and more. If you haven’t done so, prepare a well-documented remote work policy and implement it with your remote employees.
How are you handling authentication and authorization?
As more employees work from home, cyberattacks, such as malware and phishing, increase. According to an article in Infosecurity Magazine, experts detected a 30,000% increase since January in phishing, malicious websites, and malware designed to capitalize on the COVID-19 crisis.
Two-factor authentication and access monitoring protocols should be in place if they aren’t already. When employees don’t meet face to face or don’t use organization-issued laptops, vulnerabilities are introduced. In addition, when employees use personal devices, an organization’s attack surfaces widen. Implementing security guidelines for remote employees can lessen the risk.
How will you handle a disruption of service due to virus spread in your business?
Every business should have an emergency plan so you can continue delivering products and services regardless of whether your building burns down or your entire team gets COVID-19 at the same time. Your customers need to know that they can rely on you no matter what happens, and during a pandemic, anything is possible.
An estimated 25 percent of businesses don’t open again after a major disaster, according to the Institute for Business and Home Safety. If the majority of your employees are working from home, chances are they won’t all contract the virus at the same time, but key individuals could be down for weeks. Ensure you have a backup plan for every critical employee and every critical customer.
Will you sign a new service level agreement?
If you have contractual agreements with your customers, they may want to add amendments that cover work-from-home related security issues. Organizations are thinking about the risks that remote work may expose their data to and are updating not only their own internal policies and procedures but those required of their vendors.
By answering these questions and implementing a new plan for doing business amid a pandemic, you’re already on your way to addressing most new requirements covered in an amended SLA, such as remote worker restrictions and required security safeguards.
What is your exit strategy?
Any type of disaster can cause businesses to fail. Smaller businesses are more susceptible to failure and can fail faster during a pandemic such as this. Even if you don’t see the business closing in the near future, your customers don’t know that.
An effective exit strategy can put your customers at ease at a time like this. Regardless of whether you would transition the business to another owner or close it down completely, your customers will ask questions such as: How will you uphold your SLAs? How will you handle our critical business information?
While employees are staying safe working from home, the risk for organizations is increasing. As the world shifts toward a partial or fully remote workforce in an effort to stay safe, managing third-party relationships will continue to evolve. Hackers will continue to manipulate this compromised work environment and find new ways to infiltrate your business and your customers’ businesses, damaging your relationships and your reputation.
The first step to safeguard your business in a remote world is to monitor your attack surfaces. This will allow you to see how a hacker sees not only your business network but also your remote workers’ access to that network.