
SEC cracking down on vendor cybersecurity measures


Doing business with a publicly-traded company? You’d better be sure your cybersecurity measures are up to date.

In the wake of several so-called supply chain breaches (think SolarWinds or Kaseya), public company boards are feeling pressure from auditors to dig deep into their vendors’ security practices.

It’s no longer a casual “check the boxes” task.

Sarbanes-Oxley, or SOX, is a federal regulation enforced by the U.S. Securities and Exchange Commission that governs public company financial statements to protect investors and the wider public. SEC auditors checking a company’s compliance with SOX are now demanding detailed proof that companies protect their financial health from data breaches.

You may already have received urgent letters from a significant customer wanting to know how you protect their information, especially if you have online access to the customer’s systems. Publicly traded companies now face pressure to guarantee their business data is not exposed to weak security measures – such as a supplier with inadequate password procedures and no multi-factor authentication.

Call it paranoia if you want, but if an SEC audit turns up a form of noncompliance, officers and directors could face fines and jail. Hence, the more onerous demands for proof that your organization takes cybersecurity seriously.

Among the ways to prove you take cybersecurity seriously:

  • Regular and thorough completion of risk assessments
  • An incident response plan – and proof that you’ve tested it
  • Detection and response monitoring in place
  • Secure access measures followed with no exceptions
  • Assessment of your vendors’ security practices
  • Documentation that you’ve taken these steps

If you are getting letters from your largest customers demanding to know your cybersecurity measures, we can help you respond. Our experts are familiar with the standard security steps accepted as best practices – including NIST, ISO, COBIT, etc.

We can also help you update your risk assessments and vendor management plans to meet your customers’ expectations. Reach out to us for expert help today – before you lose that top client.