Did you know even one cyber-security lapse within our global supply chain can put us all at risk? That’s why it is important to make sure our trusted partners and suppliers are kept up to date with cyber-security best practices before an attack occurs.  

Why Vendors Matter

Organisations everywhere depend on a wide spectrum of product suppliers, developers, vendors and other third parties. They are an important factor in our operation, providing everything we need to serve our Guests along with the support to operate as a global organisation, but this dependence carries cyber-security risks. Proper training and protocols that teach vendors how to protect themselves and your company at all times help to combat exposure to dangerous hackers.

 Keep this checklist in mind when reviewing your company’s third-party protocols:
  • Direct them to the Third Party Privacy, Security & Risk Management Portal for standards and policies. 
  • Vendors that handle personal or confidential information, access the network and/or provide services via the Cloud must complete the Third-Party Risk Management (TPRM) process and have a Data Privacy and Security Addendum (DPSA) executed. Get it started by emailing TPRM@hollandamerica.com.
  • Schedule regular supplier password resets on [BRAND] systems they access. 
  • Encrypt data and documents that are sent to suppliers and vice versa. Do this by putting [secure] first in the subject line.
  • Send information through secure file transfer services instead of through unsecured attachments. 
  • Set up a regular schedule for suppliers to get rid of old files or documents you send to them. 
  • Understand how suppliers comply with the General Data Protection Regulation if doing business in Europe.
  • Ask the supplier if they have security standards in place for their suppliers. Note that suppliers who qualify for the TPRM program must ensure that their downstream suppliers meet the same security and privacy specifications as they do. 
  • Determine if the vendor’s systems and software are updated regularly. 
  • Establish points of contact for vendors in case a threat occurs. 
  • Enforce required cyber-security & privacy training. 

 As we continue to strengthen our phishing awareness, it is important to help out fellow vendors and partners by encouraging positive cyber-security practices. Following these protocols and reminders is a great start to helping your vendors and organisation stay safe and up to date to prevent any undesirable cyber scams. 

 Although Carnival UK does require all suppliers and partners to meet privacy and security standards, vendors are not under your security control, so we count on you to spot and report cyber risks if you see them. 

Visit this trusted cyber-security resource for more tips on reducing vendor cyber-security risk: https://www.venminder.com/blog/best-practices-reduce-third-party-cybersecurity-risk *

 *This is an approved, safe link taking you to a Venminder page. We use Terranova and Yammer and other trusted third parties and their websites to help educate us about these scams. 
