Vendor Onboarding Posts

Cyber SecurityEnterprise Security QuestionnairesRemote WorkSOC 2Vendor OnboardingWFH Cybersecurity

9 Small Business Cybersecurity Wakeup Calls for Founders

Every day we talk with startup founders about small business cybersecurity. Although we'd love to speak with founders that spontaneously decided to "do more" about cybersecurity, our conversations usually start very differently than that.

Most often, there is a very specific and urgent cybersecurity-related need at hand. And an urgent call to our team for help thinking it through. We're happy to help -- not a problem! However, for the benefit of founders that haven't yet hit one of those moments, here's what folks a few steps ahead of you are running into. We're glad to help with these more proactively if you'd like, to save a hectic scramble later.

9 Small Business Cybersecurity Wakeup Calls Founders Do Not Want
Enterprise Security QuestionnairesVendor Onboarding

Compensating Controls and Campfires

Far too many vendor onboarding processes -- especially those that don't leave room for compensating controls -- feel like they are destined to be combative from the start.  In the typical storyline, a tiny company is working feverishly to sell its products or services to an enterprise, and after gaining support of the "sponsor" (business decision maker), the vendor onboarding process kicks into action.  The only problem?  It often involves dozens-to-hundreds of nuanced cybersecurity questions that the tiny company is ill equipped to answer.  And that puts in jeopardy all of the good work that the small business and the enterprise can do together -- because the path to collaboration starts by running the gauntlet through the vendor onboarding process.  And that process is far from guaranteed to lead to approval.

Cyber SecurityVendor Onboarding

Vendor Risk Management & Nobody Gets Fired for Hiring IBM

Ever hear the famous saying about vendor risk management? "Nobody ever gets fired for hiring IBM."  

We don't hear this saying as much as we used to a few years ago, but the concept is still a thought provoking one -- especially for those of us that spend time in the vendor risk management arena.  And it applies far beyond the specific company cited in the saying.  Here's why it's worth reflecting on this saying today.

Vendor Risk Management - Nobody Gets Fired
Cyber SecurityEnterprise Security QuestionnairesVendor Onboarding

6 Key Vendor Risk Assessment Conversations

When a new vendor (maybe a small business) begins working with an enterprise, you can bet that there will be a vendor risk assessment of some form.  Format-wise, it might be an Excel-based security questionnaire, a web portal, or a repurposed survey tool with customized questions.   It will almost certainly involve a few clarifying conversations, revisions, evaluations, and (here's hoping) approval.

Let's zoom out one level above the nitty gritty of the questions that are deep in the assessment.  What are the key vendor risk assessment topics that both sides should expect to discuss at some point in the process? 

6 Key Vendor Risk Assessment Conversations
Cyber SecurityEnterprise Security QuestionnairesVendor Onboarding

What’s Broken about Enterprise Security Questions

Normally we put all of our focus on helping small businesses with cybersecurity, but today we're here to talk with enterprise compliance teams about their enterprise security questions.  Bad news: almost all of the questions we've seen are broken.  Good news: they are fixable.  Let's explore.

When a small business is on the cusp of closing out an enterprise sale, that is a big deal to the whole small business.  It's high stakes for them.  They'd be willing to hop over just about any hurdle you ask them to.  But what if there are 200 different hurdles, some of which matter a ton, others don't matter much at all, and all of the hurdle heights are obscured.  Sound hard?  It is.  Here's what's broken about enterprise security questions.

Whats Broken about Enterprise Security Questions
Cyber SecurityEnterprise Security QuestionnairesImplementationVendor Onboarding

Risk Grading for Enterprise Compliance Directors

This blog is usually written with the small business audience in mind.  We usually post about cybersecurity topics that we believe will be useful to small business owners, small business CTOs, small business IT directors, etc.  Today is different.  Today, we'd like to speak to the Enterprise Compliance Director audience -- about their relationship with small businesses.

Enterprise Compliance Risk Grading