Webcasts, Videos and Podcasts

Thu, May 21, 2020

Minimizing Third Party Cyber Risk Starts with Contract Review

In our previous video we outlined the fundamental steps for building a data inventory to better understand where sensitive data is stored and how best to protect it. In this video, we highlight the need to identify third parties who may have access to your data, and what steps they’ve taken to protect it. Especially in the event of a cyberattack, it is important to know how your data may be at risk and what legal mechanisms your organization has to inspect third parties’ security or minimize liabilities. In a webcast co-hosted with James Melendres of Snell & Wilmer, Jonathan Fairtlough, Managing Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, discussed the importance of creating and updating contracts with third-party vendors to ensure data is securely stored to reduce vulnerabilities that can lead to cyberattacks, such as ransomware and business email compromise (BEC).

Minimizing Third Party Cyber Risk Starts with Contract Review

Watch the full webinar and download the slides: Effective Business Email Compromise and Ransomware Mitigation

It is crucial for security and privacy leaders to monitor and update contracts with third-party vendors to protect their organizations from data breaches. Very often, a data incident originates with a vendor whose security has not been validated due to a lack of legal authority, which should be present in the contract. Clauses such as a contractual right to access and a duty to assist in security reviews are fundamental to ensure a healthy third-party cyber risk management program. In doing so, an organization can audit and ensure the safety of the data being kept by a third-party.  

How to keep track of the data your third parties have? 

It is important to hold your vendors to the same security standard to which you hold your own organization. Monitoring and maintaining the data that your vendor holds should be managed the same way as your internal data inventory. Ensure you’re taking the following steps when keeping track of your third-party data: 

  • Review your vendor contracts 
  • Keep copies of contracts in a documented form
  • Include review of third parties in your audit 
  • Utilize your ability to inspect if you have a clause that allows for it 

In the infographic below, Jonathan identifies key considerations for ensuring the safety of your data. He highlights the need to take the proper steps to know who has your data. This includes verifying the legal review of vendor contracts that hold data and maintaining copies of vendor security assessments. 

Minimizing Third-Party Cyber Risk Starts with Contract Review

Shay Colson, one of our experts, wrote an excellent article on the inherent challenges of managing third-party cyber risk and how to adjust expectations to better fit business needs and strategically manage our resources to address the most pressing risks. It’s a must-read.

Your organization’s data security is increasingly dependent upon third parties, pressing the need for external reviews. Starting with a review of vendor contracts, focused on the key aspects that Jonathan and James shared in the video, helps set the course towards cyber resilience. 

 
Stay Ahead with Kroll

Cyber and Data Resilience

Incident response, digital forensics, breach notification, security strategy, managed security services, discovery solutions, security transformation.

Cyber and Data Resilience

Third Party Cyber Audits and Reviews

Ensure that your third parties are handling sensitive data according to regulatory guidelines and industry standards with our cyber audits and reviews.

Third Party Cyber Audits and Reviews

Data Protection Officer (DPO) Consultancy Services

Kroll's data privacy team provide DPO consultancy services to help you become and stay compliant with regulatory mandates.

Data Protection Officer (DPO) Consultancy Services

Optimized Third-Party Cyber Risk Management Programs

Manage risk, not spreadsheets. Identify and remediate cybersecurity risks inherent in third-party relationships, helping achieve compliance with regulations such as NYDFS, FARS, GDPR, etc.

Optimized Third-Party Cyber Risk Management Programs
Insights
Securing Microsoft 365: Avoiding Multi-factor Authentication Bypass Vulnerabilities
Digital Forensics and Incident Response

Securing Microsoft 365: Avoiding Multi-factor Authentication Bypass Vulnerabilities

November 21, 2024

by Krystina Lacey

Three Tactics to Bypass Multi Factor Authentication Microsoft 365
Q3 2024 Threat Landscape Report: Rising Attacks on Tech and Telecoms Reinforce Need for Business Continuity Planning
Threat Landscape

Q3 2024 Threat Landscape Report: Rising Attacks on Tech and Telecoms Reinforce Need for Business Continuity Planning

November 21, 2024

by Laurie Iacono, George Glass, Keith Wojcieszek

Q3 2024 Threat Landscape Report: Rising Attacks on Tech/Telecoms Reinforce Need for Business Continuity Planning
CARBANAK (aka ANUNAK) Distributed via IDATLOADER (aka HIJACKLOADER)
Cyber

CARBANAK (aka ANUNAK) Distributed via IDATLOADER (aka HIJACKLOADER)

November 18, 2024

by George Glass, Dave Truman

CARBANAK (aka ANUNAK) Distributed via IDATLOADER (aka HIJACKLOADER)
LLM Risks: Chaining Prompt Injection with Excessive Agency
Cyber

LLM Risks: Chaining Prompt Injection with Excessive Agency

November 13, 2024

by Alex Cowperthwaite, Pratik Amin, Kassidy Marsh

LLM Risks Chaining Prompt Injection with Excessive Agency

Kroll is headquartered in New York with offices around the world.

One World Trade Center
285 Fulton Street, 31st Floor
New York NY 10007
+1 212 593 1000
Sign up to receive periodic news, reports, and invitations from Kroll. Our privacy policy describes how your data will be processed.

More About Kroll

More About Kroll
© 2024 Kroll, LLC. All rights reserved. Kroll is not affiliated with Kroll Bond Rating Agency, Kroll OnTrack Inc. or their affiliated businesses. Read more.
Return to top