Mortgage

Internal Audit Insight: Managing Cybersecurity Risks with Third-Party Vendors

When working with vendors, you’re not just outsourcing a service but potentially exposing sensitive data to outside entities. Whether it’s client information or access to core systems, the wrong vendor could introduce cybersecurity vulnerabilities. Our latest Internal Audit Insight episode stresses the importance of assessing each vendor’s cybersecurity practices to keep operational risks in check. Richey May compliance expert, Mignonne Davis, and Senior Cybersecurity Advisor/vCISO, Parker Brissette, discuss the topics below, plus more!

Are You Asking the Right Questions?

It’s important to ask targeted cybersecurity questions during vendor assessments. Questionnaires that uncover potential risks can offer valuable insights into how secure your partners really are.

Certifications: More Than Just a Box to Check

Standard certifications like SOC 2 and ISO 27001 show a vendor’s commitment to security. But even with these certifications in place, ongoing due diligence remains essential.

Business Continuity and Disaster Recovery

In the event of a cyber attack or system outage, vendors need to be part of your plan to ensure operational resilience. Business continuity plans and service level agreements (SLAs) can make the difference between a smooth recovery and operational disruptions.

Stay Prepared: Know When to Reassess

Vendor relationships evolve, and so do the risks associated with them. You need a system in place that triggers reassessment when a vendor’s service offerings or access levels change.

Watch the full video above to gain practical strategies for safeguarding your organization’s cybersecurity posture when working with third parties. These insights will help ensure your mortgage business isn’t caught off-guard by hidden risks. For additional cyber needs, the Richey May Cybersecurity Team is here to support you with expert guidance and solutions tailored to your business.