Five best practices to manage and control third-party risk

Defend against privileged user risks

Published August 2016

If you’re like most organisations today, you frequently grant vendors, contractors and other non-staff members access to internal networks and systems. These privileged users remotely administer your operating systems, databases or applications using their own endpoint devices.

The problem is, your security team may know little to nothing about these individuals or their companies’ security practices. These users may be poorly vetted, third parties may have loose security policies and credentials may not be well protected. For these reasons, privileged third-party accounts often present the biggest risk to your enterprise.

Biting the hand that feeds IT © 1998–2022