Spreadsheets are dumb. Okay, it’s not that spreadsheets are dumb, or that the people who use them are dumb. That’s not at all what we’re saying. What’s dumb is using spreadsheets to manage third-party information security risk. If were going to call something dumb, We’d better have some logic to back it up. Good thing....Read More

  While banks remain on guard for robbers, unscrupulous employees and hackers—keeping the proverbial vault sealed shut—trusted third party vendors could leave the wide door open to cybercriminals. Outsourcing, connectivity and cloud-based solutions have delivered tremendous benefits to community banks but also come with risk. With increasing ardor, hackers and criminals exploit third-party vendors as...Read More

Vendor security risk management is not easy. It’s often a monotonous combination of spreadsheets, questionnaires, following up with people, and uncertainty. It’s often frustratingly tedious, and it can actually cause otherwise strong information security programs to falter. The best relief is to take a three-step approach to vendor risk management. Simplify. Standardize. Defend. Simplify Managing...Read More