It’s wild to think that we’re rapidly approaching the end of 2020, and 2021 is just waiting to make its arrival. For many, the promise of the new year has been a light at the end of the dark tunnel that has been this very challenging time. But we’re not out of the woods yet, especially in the third-party risk arena (and truly, pandemic or not, managing vendor risk well is a never-ending pursuit). If we hope to start off 2021 on the right foot, there are a few areas we’ll need to give some extra TLC.
4 Things to Focus on in 2021 for Third-Party Risk Management
1. Devote more resources to cybersecurity.
There’s not an industry out there whose security wasn’t impacted by the pandemic. Healthcare providers, in particular, had a bad run of it, and bad actors everywhere jumped at the chance to take advantage of the chaos. So many organizations have had to adjust operations to interact digitally and virtually, and in many cases implementing those new technologies has been costly to say the least, leaving many looking at areas to cut. We’re here to tell you, if cybersecurity finds itself on your short list, you’d better change that up fast! Now, more than ever, we need to prioritize strengthening our cybersecurity. So, while you’re looking at budgets for the coming year, make sure to add extra padding for measures to protect your data.
2. Dedicate increased focus to security training.
Despite cybersecurity concerns, the pandemic has forced organizations to take a huge leap into the cyber world, and conduct operations through remote connections. This leaves a lot of trust and accountability in the hands of each individual person. This is why a comprehensive cybersecurity program includes security training. It’s critical when performing due diligence on critical vendors that you review their security training protocols and plans.
Ensure your key vendors have provided additional security training to all personnel, highlighting the key roles they play in maintaining network security from their homes. For example, this should cover the “dos and don’ts” of where and how they can connect (i.e., only through secure Wi-Fi connections) and should ensure they maintain a well-protected working environment, which includes a close handle on equipment, along with all the usual phishing, data control and other safety precautions. While this isn’t exactly new, given the vulnerabilities 2020 exposed, we all need to make better efforts to cover our bases for 2021.
3. Revisit automation.
The more functions of vendor risk management you can set-and-forget, the better. Organizations that are able to automate routine vendor management tasks invariably have more time on their hands to focus on areas of vendor risk that need a human touch, and hopefully help increase staff budgets. Many organizations have made staff cuts — a tool to automate can assist in keeping the “machine” running despite limited personnel. Automation can also help drive consistency and add an extra layer of protection.
4. Consider pandemic-related regulatory shifts.
While regulatory changes happen year after year, 2020 in particular created quite a case for itself when it comes to certain guidelines. To name a few, financial service companies will have to navigate differences in state, federal and global regulations around payment modernization such as payment processors, data aggregators and cloud providers, while special attention will be given to federal standards for consumer protection in specific areas such as affordable housing, student loan debt and other supervisory easement. Regardless of your industry, be sure to double-check your regulatory environment as you prepare for the new year.
Hopefully, with the right measures in place and with a few simple shifts in the way we manage risk, 2021 will be a whole different story.