Create incident response plans. Your company should work with suppliers and partners that have the greatest access to your systems and data to document steps to take during and after a cyber incident, including communications and reporting protocols and identifying stakeholders.
Identify, track and govern your most valuable data. Your company should create systems and policies that help identify who is using critical data, such as intellectual property and customer information, and set controls that protect data in transit, in use and in storage.
Measure third-party risks. Your company should undertake a full risk assessment associated with third parties and identify those that could present the most serious threat to your company’s data or reputation in the event of a cyber incident.
Evaluate third-party security standards. Conduct assessments of your most important partners and service providers and the security controls they provide for your company’s assets. These evaluations should also consider any data…
