
Aug 12, 2021
4 min read
The Impact of EBA Guidelines on Third-Party Risk Management
There are many types of third-party vendors whose activities, as they relate to European banking and the financial market, are regulated by the European Banking Authority (EBA). These include cloud-based web hosts, call center providers, bookkeepers and various maintenance providers and software companies, among others. Working with these third-party vendors has many advantages, as it reduces costs and improves flexibility...

Oct 22, 2020
3 min read
Securing Your Suppliers: Complying With Regulations
Organizations have much more than just data to lose in a third-party breach. Besides losing consumer confidence and loyalty, companies in both the United States and the EU can face costly penalties for violating data privacy regulations. During National Cybersecurity Awareness Month (NCSAM), it’s appropriate for organizations to also be aware of the risks of non-compliance. Not complying with HIPAA...

Sep 07, 2020
4 min read
7 Facts You Should Know About NYDFS
Many organizations must comply with the New York Department of Financial Services (NYDFS) Cybersecurity Regulation, which is also known as 23 NYCRR 500. Like numerous regulations, 23 NYCRR 500 is designed to protect sensitive non-public information. However, it is specifically meant for covered New York-chartered or licensed financial institutions such as credit unions, banks, insurance firms and mortgage companies, as...

May 27, 2020
4 min read
4 NIST Standards Your Organization Should Align With
The National Institute of Standards and Technology (NIST), part of the US Department of Commerce, establishes best practices that are considered some of the best standards throughout the world. Some of their standards focus specifically on information security and privacy and are particularly important when assessing cyber posture. NIST’s robust InfoSec and privacy standards are valuable because they are well thought-out,...

Apr 07, 2020
4 min read
5 Key Security Controls That Should Be in Your SOC 2
You want to grow your business, but your customers want to be sure that you have taken steps to prevent unauthorized access to their sensitive data and personal information. One effective way to demonstrate that your organization has the right security controls in place is through a Service Organization Control 2 (SOC 2). Developed by the American Institute of Certified...

Nov 26, 2019
3 min read
3 Key Points About CCPA
What is CCPA? The California Consumer Privacy Act (AB 375), which will go into effect on January 1, 2020, is expected to significantly strengthen data collection and privacy in the USA. Similar to the way the General Data Protection Regulation (GDPR) defined data privacy in Europe, the CCPA regulation is expected to set the standard for data privacy in the...

Oct 24, 2019
3 min read
Tips for Your Vendor Security: Complying With Regulations
Organizations have much more than just data to lose in a third-party breach. Besides losing consumer confidence and loyalty, companies can face costly penalties for violating data privacy regulations. During National Cybersecurity Awareness Month (NCSAM), it’s appropriate for organizations to also be aware of the risks of non-compliance. Not complying with HIPAA can cost as much as $1.5 million per...

May 22, 2019
4 min read
Happy Birthday, GDPR!
It’s been one year since the General Data Protection Regulation was implemented, and it’s shaken up the way many companies approach data privacy and third-party cybersecurity. We asked Dov Goldman, Panorays’ director of risk and compliance, to share his insights about this sweeping regulation. What have been some of the biggest changes on the privacy and security front since GDPR...

Feb 20, 2019
2 min read
Cyberattacks in a Global Supply Chain: How Compliance Officers Can Mitigate Risk
Cyberattacks in the supply chain are being industrialized to not only target one company, but many companies across a single industry. Cyberattacks hit two-thirds of firms, according to research by CrowdStrike, and the impact reverberates from financial to operational disruption and the actual loss of customers. Cybercriminals are now taking advantage daily of easy access provided by privileged accounts. Attackers target the...

Feb 14, 2019
2 min read
NYDFS Cybersecurity Regulation Deadline Looming
The two-year implementation period for the New York Department of Financial Services (NYDFS) cybersecurity regulation, 23 NYCRR 500, will be over on March 1. This means that the final requirement involving entities that use third-party providers will soon become effective. What do companies need to know about the NYDFS regulation and deadline? Read on for some key guidelines. What is...

Popular Posts

Feb 10, 2022
1 min read
The Most Common Third-Party Cyber Gaps Revealed
As organizations increasingly rely on third-party vendors to provide essential services, they also become more vulnerable to vendor-related cybersecurity risks. A recent study by Forrester found that nearly 60% of companies experienced a data breach due to a third-party vendor in the past year. But what are the most common vendor cyber gaps that organizations should be aware of?...

Aug 26, 2021
3 min read
4 Ways to See if You Are at Risk of a Vendor…
Recent supply chain attacks such as Kaseya, Accellion and SolarWinds have illustrated that when it comes to vendor breaches, it’s not if, but when. While it’s impossible to predict cyberattacks, there are key steps that you can take with your vendors to determine if you might be at risk. Here are 4 key strategies: 1. Monitor security posture It’s important...

Jan 03, 2022
3 min read
5 Resolutions for Reducing Third-Party Cyber Risk in 2022
If there’s one thing we’ve all learned, it’s that supply chain attacks are not going away anytime soon. Last year, we saw major cyber incidents involving Accellion, Kaseya, Codecov and others; next year, there will certainly be more. To help prevent and respond to similar cyber incidents, it’s essential to consider how best to reduce third-party risk. How can this...