All banks recognize the importance of cyber security. But effective cyber security must extend beyond the boundaries of your organization to include the various third parties that have access to your systems and data. Your cyber security is only as strong as that of the weakest link in that chain. Consider the number of vendors that might have access to your systems, including:
- Third-party information technology (IT) support
- Managed IT services — e.g., network, firewall and intrusion detection monitoring vendors
- Cloud services — e.g., software as a service (SAAS) or infrastructure as a service (IAAS) vendors
- Non-IT vendors with connections to your networks — e.g., heating, ventilation, air conditioning (HVAC) or security contractors
The financial and reputational risks associated with a breach are not the only concern facing banks when managing vendor cybersecurity. Regulatory compliance now also includes third-party management. But what does an effective vendor management program look like?
If your financial institution is needing help in any of the above areas, we suggest reading the full article from our affiliate RSM at http://rsmus.com/what-we-do/industries/financial-institutions/how-banks-can-manage-vendor-cybersecurity-risk.html. Here you can find further information on the subject, as well as some steps to take in a cybersecurity plan.
If have further questions please contact Paul Nielson who is our financial institutions expert at Isler CPA and he will be happy to help you with any additional questions.