COVID-19 InfoSec Impacts: Third-Party Risk Management

Last Updated on April 13, 2020

At Pivot Point Security, we’ve been hard at work helping clients and others with their many questions and concerns stemming from COVID-19. To share guidance on some of the most common and critical issues, Pivot Point CISO and Managing Partner, John Verry, recorded a special episode of “The Virtual CISO Podcast”.
The podcast covers the three biggest groups of cybersecurity issues that businesses are facing from the coronavirus outbreak:

  1. Teleworking challenges
  2. Coronavirus-based social engineering/phishing attacks
  3. Third-party risk management (TPRM) and supply chain disruptions

As businesses move quickly to cope with COVID-19, John’s insights will help reduce some of the new InfoSec risk that these changes are introducing. This blog post highlights the TPRM advice from the podcast.

COVID-19 has disrupted supply chains both globally and locally. How do you get a handle on the impacts to your business from vendors that are closed or running short-staffed?

Your first move should be to understand which third parties you are truly reliant on. “Since you don’t have the bandwidth to cover everything, focus on that which can hurt you worst,” says John.

Do you have alternative suppliers if key vendors can’t meet your needs right now?

For example, we have an IoT manufacturing client that is 100% dependent on China for components; they literally have no alternative suppliers. So at this point they can’t manufacture anything until conditions improve.

We also work with a lot of small IT and managed service providers (MSPs) that serve many businesses. Most of these service providers are small companies, so if one loses one or several key people, what impact might that have on you as their customer? Being aware of this potential risk and checking in with these vendors is a high priority.

Cloud service providers (CSPs) and software-as-a-service (SaaS) providers can similarly put your business at risk. Are your vendors’ platforms architected to handle the current level of global teleworking? Even leading CSPs like Microsoft and Google have had trouble scaling up lately. Again, weigh the risks and check in with the vendors.

In general, John recommends contacting all of your most critical vendors to ask how they’re handling COVID-19 concerns and how that is affecting your business and your customers. If your risk is elevated, you need to know.
Good luck and stay safe and well out there!