Ransomware is not isolated to tech companies, which is clearer than ever given the attacks this year. In a recent interview with Now This, our CEO Vikas Bhatia, discussed the fundamentals of these attacks and how companies across industries can better prepare by utilizing a third-party risk management plan.
We’re excited to announce the Standardized Information Gathering (SIG) questionnaire license offering in conjunction with the JustProtect platform.
If you are new to JustProtect, welcome! We are a regulation and content-agnostic cloud-based platform that centralizes, automates, and simplifies the assessment process for companies with or without a GRC. Whether it’s third-party risk, procurement, internal audits, or compliance readiness, we can reduce time and the human cost of your assessment process.
Now that we have identified the issues to watch out for, we can share what you can do to triage risks and develop your 3rd Party GRC Solution.
Let’s Reassess How You Think About 3rd Party Assessments!
Caveat: We can’t possibly provide a complete 3rd Party consulting framework in a short blog. This post is to provide you with a new framework for 3rd Party risk and new thinking in assessments.
First, let’s clearly define what a 3rd Party is. We believe they encompass all of the following: suppliers, 3rd Party agents, contractors, distribution centers, call centers, contract manufacturers or assemblers, outsourcing firms, service providers (SaaS, Cloud, and a thousand more).
Last week, we discussed the two strategy pitfalls companies face when they realize that they have regulations, laws, and certifications they need to be in compliance with. This post dives deeper into what companies experience when they go down this path.
Many companies start assessing innocently enough in order to respond to government and/or industry regulations, laws, and certifications with all the right intentions. They want to be in compliance, protect their business, and hopefully use these as differentiators in the market.
It was reported that contractors in China used by Microsoft to train Cortana, their AI engine, were granted access to voice recordings with minimal cybersecurity controls. A former contractor told the Guardian that workers were not vetted and shared account credentials were able to be used on personal laptops.
Regulatory compliance can be a daunting task for small companies for a variety of reasons. For some, it could be that they do not have the necessary staff to commit to such a project. For others, it may be the lack of capital to pay an expensive consultant to do it for them. Another issue that plagues small companies is the lack of knowledge required to navigate the treacherous waters of regulatory compliance. While JustProtect may not be able to provide your company with more employees or extra money, something we can give you is knowledge. And Knowledge is Power.
Preparing for Risk
JustProtect is known for our ability to make cybersecurity and vendor risk assessments easier. But we, just like everyone else, have broader concerns from a risk perspective.
When COVID-19 arrived on our shores, it forced a large portion of the country's employees to work from home. While the majority of our team already worked remotely, we still needed to advise one of our office locations to work from home.