The 10 Commandments of IT Security

IT Security Commandment #10: Thou Shalt Demand That Your Vendors, Suppliers, and Clients Take Cybersecurity Seriously

You take cybersecurity seriously. You have decided to live by the nine commandments of cybersecurity that we have shared so far. You keep IT security top of mind, protect your network, keep systems up to date, limit data exposure, train your staff, keep all IT security policies updated and enforced, manage and monitor internal and external access, periodically test yourself, and immediately address issues that arise. Congratulations!

However, your work is not complete. You may wonder why. After all that, what more can you do? The reason is fairly simple: it comes down to all the people and organizations that you rely on as resources and serve as clients. The days of creating a fortress on a hill protected by a moat and being totally separated from the rest of the world—at least digitally—are over. Your network, your business, and your organization are connected in innumerable ways with outsiders of all sorts.

The 10th commandment of IT security is to demand that your vendors, suppliers, and clients take cybersecurity seriously too!

Breaches are increasingly occurring via third parties.

To fully live out the 10th commandment, organizations should conduct some level of third-party risk assessment with potential vendors. Working with your in-house IT staff or your outsourced IT provider, you should have a defined set of questions to determine how seriously these outsiders take IT security.

Here are some questions to ask:

  • Do you have a cyber liability insurance policy in place?
  • What type of data security training does your staff do?
  • How do you manage remote access to your network?
  • Where will my company data be stored? How will it be transmitted and protected?
  • Will any third parties have access to my data?
  • Have you ever undergone a breach or other cyberattack? What actions were taken afterwards?
  • Do you have a written Incident Response Plan?
  • What security measures, software, and hardware are currently in place?
  • Have you had a recent Vulnerability Scan or Penetration Test performed?
  • Do you have a business continuity plan, and is it up to date?

Asking these questions is a first step toward ensuring that those connecting to your network from the outside are taking cybersecurity seriously, thus reinforcing the 10th Commandment of IT Security! Reach out to us here at IT Radix and we can help make IT work for you!