Creating a vendor management program is difficult. However, that’s only the first part of the process. To fully implement your plan, you need to measure its effectiveness at reducing risk. To do that, you need objective key performance indicators (KPIs) for determining how well your vendors comply with the outlined controls in the service level agreement.

The greatest risk to a company is actually its own employees. Malicious insiders can commit employee fraud in many different ways: data theft, timecard theft, and monetary/asset theft are just a few types of fraud to keep on your radar. Here are four tools and practices you can adopt to detect employee fraud should it happen in your organization.

Insiders keen on making money from the valuable data your organization holds need only use a TOR browser to connect with buyers, hackers, and everyone else who doesn’t have your organizations best interest at heart.

The Internet of Things (IoT) broadly refers to devices and equipment that are readable, recognizable, locatable, addressable and/or controllable via the internet. This includes everything from edge computing devices to home appliances, from wearable technology to cars. IoT represents the melding of the physical world and the digital worked, as sensors are not costly and wireless access is now ubiquitous.

PCI DSS is an incredibly important compliance standard for those processing card payments. It stands for Payment Card Industry Data Security Standard. Whilst that doesn’t exactly roll off the tongue, it is a very resilient set of standard requirements that aims to make a business more secure. A 2018 payment security report revealed that no company affected by a data breach was completely compliant with PCI DSS.

Not all cybersecurity budgets are made equal, and for some that means having too many or too few tools. For others this means having few employees or being the lone ranger responsible for better security awareness in the company. Here are options that fit every budget.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. There has been some amazing breach notifications this week, none of which I will comment on as there’s plenty of articles already. First item of comment this week is an interesting article commenting on various hosting providers – are they fair points? How far should our trust go in that any service provider of any kind is doing their best to look after both ours, and their, property?

In a post released on 1/8/19, I wrote about the record number of breaches in 2018. This brought to mind a podcast that I was listening to a few days back hosted by Corey Nachreiner, CTO of WatchGuard Technologies, Inc. on his 443 Podcast. Corey discussed the potential data deduplication problem on the Dark Web.