Third-party risk management (TPRM) is reviewing and mitigating risks associated with outsourcing business operations to third-party vendors or service providers. Risks are varied but include cybersecurity risks like data breaches or reputational risks that affect business continuity. If your organization wants to create a TPRM program or upgrade your current risk management strategy, focusing on customization can be critical in setting your organization apart.

Your security questionnaire workflow is the litmus test for the efficiency of your overall Vendor Risk Management program. If this pipeline gets congested, all of the VRM processes, depending on it, get disrupted, which impacts your security posture and heightens your risk of suffering a third-party data breach.

The Hypertext Transfer Protocol (HTTP) and the Hypertext Transfer Protocol Secure (HTTPS) are data communication protocols for the internet. HTTPS uses encryption algorithms for secure data transfer. Without encrypted communications, information transfer is not protected and sensitive data becomes vulnerable to attackers. This article includes a brief overview of HTTPS, as well as actions you can take to ensure that you have set up HTTPS redirection for your website.

In recent years, vendor risk management (VRM) has become a complicated practice as businesses aim to scale and manage potentially hundreds or thousands of vendors. With more vendors, cybersecurity risk is introduced, necessitating software and other digital solutions to adequately manage these vendors. The role of software in vendor risk management products is more important than ever now and moving forward.

Whether you’re a large or small business, the cybersecurity framework by the National Institute of Standards and Technology (a federal agency of the U.S. Department of Commerce) offers an efficient roadmap to an improved cybersecurity posture. Compared to other popular cyber frameworks, like ISO 27001, NIST CSF is more effective at mitigating data breaches, especially during the initial stages of implementing a cyber risk management program.

The European Union introduced the EU Cybersecurity Act to boost cybersecurity measures and cyber resilience across EU member states. With a digitally connected Union, having consistent regulations for cybersecurity measures across member states is vital in protecting against cyber attacks.

Whenever an organization outsources part of its business process to an outside party, it introduces various risks to the primary organization. Third-party risk management refers to how organizations address and mitigate security risks across their entire library of vendors and suppliers. Unfortunately, third-party risk exposure can be difficult to manage and comes with many challenges organizations must address for an effective third-party risk management program.

CISA added CVE-2023-24489 to the Known Exploited Vulnerabilities Catalog in August 2023. CVE-2023-24489 is an access control vulnerability impacting the use of Citrix ShareFile StorageZones Controller version 5.11.24 and below. Citrix ShareFile is a real-time collaboration platform. While ShareFile primarily offers a cloud-based file-sharing application, there are some features that accommodate data storage through the use of a storage zone controller.