Your biggest security risk may be outside your organisation. Cyber incidents in supply chains are very common and many groups target suppliers in order to reach bigger targets.
With many companies outsourcing their IT support, development and other critical activities, there are a number of things you can do to reduce your risks in a cost effective manner.
Ask your suppliers to achieve industry certifications;
Cyber Essentials covers five key security topics: secure configuration, access control, malware protection, software updating and firewalls. It lets you verify that your suppliers have these security basics in place.
You can also specify the IASME Governance standard. Developed to cover similar topics to the ISO 27001 standard yet more practical for SMEs to implement, the IASME Governance allows smaller suppliers to verify excellent security at a low cost.
Further assurance for high risk contracts
If you need more assurance in your supplier contracts you can request Cyber Essentials Plus or IASME Governance Audited, where a skilled IASME assessor visits your supplier location and independently verifies their security.
Interested but are worried about time and cost?
Periculo have developed an app to automate the end to end compliance and certification process, available now with a 7 day free trial and money back guarantee.
Visit periculo.co.uk/platform for more information.