We'd have an elaborate security questionnaire that we'd send out to vendors to fill up and submit. Having reviewed countless of these questionnaires, I developed a process to help me quickly identify the gaps:
#incidentresponse - Are you collecting all your logs in a centralized secure location and more importantly do you have a team to review the alerts generated by suspicious activities.
#patching - The simplest but often the most ignored one. Needs no explanation, hackers love it when you have unpatched vulnerabilities from the 2010s.
Are you sacrificing becoming a preferred provider for larger firms because you can’t pass their #cybersecurity audit? Careful Security is here to help!