A single data breach takes an average of 279 days to contain and costs an average of $3.9 million, according to the 'Cost of a Data Breach Report 2019' by IBM Security.
While there are no certainties in risk management, there are ways to lower the probability of risk and the impact it can have on your organization. See our recent post on how to detect threats and maintain a good cybersecurity strategy.
Another important aspect of cybersecurity-related risk management requires assessing your supply chain. This means taking a closer look at all the vendors that make up your physical security infrastructure and getting an in-depth understanding of their data and privacy protection policies.
After all, the highest level of resilience against cyber threats isn’t achieved alone. It happens when everyone involved commits to best practices.
How can you tell if a physical security vendor is committed to cybersecurity? Here are some questions you can ask them:
1. Risk identification and mitigation – Does the vendor proactively monitor the emergence of new threats and their potential impact on operations, data, and people? Do they have a comprehensive strategy in place to close security gaps and vulnerabilities? What policies do they have in place concerning cybersecurity?
2. Solutions built with cybersecurity in mind – Are their solutions developed with several security layers such as employing advanced authentication and encryption technologies? Are they protecting the organization’s data and the privacy of their customers?
3. A network of trust – Do they work with partners who also have security and data protection in mind? Do they carefully vet and select the partners to ensure the highest levels of cybersecurity and compliance?
4. Transparency and openness – What measures do they take to inform and support their customers regarding cybersecurity best practices? Are they forthcoming about known vulnerabilities and do they share strategies and fixes for quick remediation?
5. Data security and privacy standards – Do they adhere to information security standards such as ISO 27001? Do they engage third-party auditors and conduct penetration tests to identify and address security gaps? Do they hold any certifications from other regulatory bodies and international associations?
Those are the same questions we ask the companies we partner with: if we do our due diligence and build our own network of trusted vendors, our customers benefit too.
If you’d like to know more about our approach to protecting your organization, check out our Trust Center.