Ostendio Blog

3 Steps to Improve Your Company's Security Posture

Written by Grant Elliott, CEO and Chairman, Ostendio | Jul 29, 2021 2:15:10 PM

Late last year we wrote a blog that looked at Risk Management and Data Security and suggested what you might do differently as we headed into 2021. Without a doubt, 2020 created a considerable amount of uncertainty and risk, making Risk Management and Data Security hot topics for most businesses. Now that we are deeper into the year, let’s assess the year so far, and look at steps you can take to improve your risk management program in the months ahead.

If it feels like you see regular news about data breaches, then you are right. A recent article in the National Law Review discussed the increasing likelihood of an organization suffering a data breach, suggesting “the question for most companies is not if they will be a victim of cybercrime, but when”. The HIPAA Journal also recently reviewed the June 2021 Healthcare Data Breach report, saying, “For the third consecutive month, the number of reported healthcare data breaches of 500 or more records increased.” Security Boulevard recently reported that phishing and ransomware are driving the increase in data security breaches. The article added, “Data compromises have increased every month this year except May. If that trend continues, or even if there is only an average of 141 new compromises per month for the next six months, the total will still exceed the previous high of 1,632 breaches set in 2017.” With the threat of data breaches set to continue, it is time to improve your risk management and data security programs.

Take 3 simple steps to improve your data security

With those daunting statistics and predictions in mind, consider taking these three steps to improve your data security program:  

  1. Conduct a gap assessment against an information security standard such as NIST CSF.
  2. Implement simple security policies and procedures to address the most critical gaps and train your team on them. You can add more detail or nuance as your program matures.
  3. If you are thinking about going through a formal external assessment for the first time, seek expert help. It will save you time and money in the long run.

Once you have a firm grasp of where your organization sits relative to the compliance regulations, risks, and your own goals for information security, you can begin building a strategy to keep your company and customer data safe.

The third point is critical if you don’t know where to begin. Speaking to experts in risk management and data security, and using the right tool, will help your business start off on the right foot and get your program established properly from the beginning.

Regulations and standards hold increasing importance

If you haven’t heard of SOC 2 audits, HITRUST or NIST, then it is time to invest in your data security program and learn more. 2021 has already shown an increased emphasis on demonstrating your security program to proven standards. Hackers and bad actors will continue to take advantage of companies with poor security. They are constantly innovating to find new ways to steal sensitive data. Companies need to stay one step ahead. While holding a security certification can’t prevent the hackers from attacking your company, it will help you know when it is happening and how to quickly react to reduce any damage caused.

The latest updates to the Ostendio MyVCM platform

The Ostendio team has been busy in 2021 bringing updates and enhancements to our Ostendio MyVCM customers including:

  • The Risk Management module is now in full production and is being used by about 10% of our customer base, with excellent feedback so far.
  • Ostendio MyVCM’s new UI is underway. Included within the recently redesigned Audits module, a newly added configurable lists feature, and the impending role management customization feature, the new UI is cleaner and simpler to follow. Look for more updates with configurable dashboards and reports, an updated assessment design, and all other modules.
  • The MyVCM Trust Network continues to grow: More companies are joining the MyVCM Trust Network and experiencing the benefits of a more robust data security program, access to real-time data, and increased vendor risk management.
  • The MyVCM Certification program is taking shape and is on track to be rolled out later this year.

The Ostendio MyVCM platform also hit an impressive milestone of over 100,000 individual user activities a month (up from 70,000 a month at the start of the year). These monthly activities reflect our customers’ work to protect sensitive information, manage their risk, and work towards compliance with over 100 regulations and standards globally.

Winning awards

The Ostendio team and the Ostendio MyVCM platform continue to be recognized as a leader in the industry. At the 2021 Cybersecurity Excellence Awards, Ostendio was recognized in 5 leading categories, including Best Cybersecurity Company - Gold Award.

Take the next step

If you want to improve your data security or risk management program, schedule time to speak to an Ostendio expert who can show you how the Ostendio MyVCM platform can help your business protect itself with always on, always auditable, and always secure data.

You can also learn more by following Ostendio on LinkedIn and Twitter.
