NEBANKERS.ORG 14 TECH TALK Cody Delzer, CISA, CDPSE, SVP IS Consultant/Regional Director, SBS CyberSecurity, LLC Controls to Reduce Vendor Breach Risk THE THOUGHT OF A VENDOR BREACH IS terrifying. We engage in vendor relationships because the value proposition is that the vendor will provide us better service and security than we can provide for ourselves, often at a lower cost than we would incur to perform and secure the service for ourselves. We put immense trust in our vendors, yet the news is riddled with stories of data breaches involving trusted vendors. So, where do we start? What do we do? Modern vendor management requires a contemporary approach to controlling risk. The following controls, when implemented properly, will reduce a significant amount of risk: • Multi-Factor Authentication (MFA) — MFA is the single greatest risk-decreasing control you can implement in your organization. Use it whenever and wherever possible, but it must be on all internet-facing apps. The rule of thumb is this: if an application can be accessed outside of your network (i.e., VPN, email, or web portal access), get MFA on ASAP. • Strong Password Requirements — Even with MFA in place, a strong password is still a must, as it’ll guarantee protection against hackers and malicious software. Also, MFA isn’t always feasible on all applications, so a complex password will double the security. • Religious Patch Management — If you have a system with software, you NEED to be patching
RkJQdWJsaXNoZXIy ODQxMjUw