In recent months, we’ve seen a variety of regulators from Finance to Defense cite the importance of third party cyber risk management. You can now add the Federal Trade Commission to the list.
The FTC is the lead US government agency when it comes to enforcing consumer privacy laws. In recent years, the FTC has settled a number of privacy cases where companies have failed to adequately secure their networks, resulting in the loss or compromise of sensitive personal data.
To encourage organizations to be more proactive when it comes to cybersecurity, the FTC recently created a "Start With Security" campaign to educate businesses about essential practices that they should put in place to reduce the likelihood of a data security incident. The FTC also issued a "Top 10" guidance document for companies based on their 50+ law enforcement actions announced over the years.
Any organization possessing consumer data should immediately review the FTC's guidance, as it is both a list of best practices that will help make an organization more secure, but also a roadmap for future FTC litigation. In reviewing the FTC guidance, we noticed a number of third party and vendor risk management issues that the FTC emphasizes. Organizations should closely examine their third party programs to ensure that they are aligned with the FTC’s best practices.
The FTC recommends organizations take the following steps to manage third party risks:
Regulators like the FTC have been increasingly focused on third party cyber risk issues for their regulated entities. Knowing the evolving legal requirements for third-party cyber risk management is crucial to developing a comprehensive cybersecurity program.
While security ratings are a great way to demonstrate that you’re paying attention to the cyber health of the organization you also need to show that you’re adhering to industry and regulatory best practices for IT security and making...
In November 2019, the Federal Financial Institutions Examination Council (FFIEC) released an update to the Information Technology Examination Handbook (IT Handbook). This handbook is a guide for examiners at its member agencies, which...
Early in 2019, unknown threat actors attempted to hack the Australian federal Parliament’s computer network and the servers used by every politician, staffer, and security officer in Parliament House. Authorities believe there is a strong...
© 2021 BitSight Technologies. All Rights Reserved. | Privacy Policy | Security | For Suppliers
Contact Us | BitSight Technologies | 111 Huntington Ave, Suite 2010, Boston, MA 02199 | +1-617-245-0469