Security Awareness Training with Third-Party Suppliers


An effective way to manage third-party supplier vulnerabilities is to implement Security Awareness Training with third-party suppliers.

The vendor ecosystem is an integral part of many organisations and supports a successful business. This intimate, often complex, relationship between an organisation and its vendors has created fault lines that hackers exploit. Security Awareness Training with third-party suppliers is therefore extremely important.

The extent of these third-party vulnerabilities was captured in a 2020 survey by Opinion Matters, which explored third-party ecosystem security issues with CIOs, CISOs, and Chief Procurement Officers. One of the most worrying outcomes of the report was that around 82% of UK organisations had suffered a security breach originating in the wider vendor ecosystem. The survey also pointed out that the UK has the poorest visibility of security vulnerabilities in the supply chain.

Managing the Security Implications of Using Third Parties

Security Awareness Training with third-party suppliers is a holistic process that involves many moving parts. Because of the complexity of these systems, both accidental data exposure and deliberate targeting of the supply chain lead to serious security threats and increased corporate risk.

Companies that use suppliers and other third parties are typically held responsible for the outcomes of a cyber attack, even if the fault lies with a third party. Standards such as ISO 27001 and PCI DSS (Payment Card Industry Data Security Standard) include requirements that any data risks associated with third-party suppliers be managed.

A recent study from ENISA found that 58% of attacks focus on obtaining access to data, with 62% of attacks dependent on manipulating the trust of customers in the supply chain. The ENISA report states that:

“strong security protection is no longer enough for organisations when attackers have already shifted their attention to suppliers.”

Incident reporting was also highlighted in the report as being poor, which reduces the visibility of vulnerabilities further up the chain.

With so many cyber attacks originating in the supply chain, focusing on the human side of cyber security, by ensuring all third parties are fully aware of the security challenges, is vital. Addressing the human element in the cyber security threat equation comes in the form of Security Awareness Training. But how does an organisation manage Security Awareness Training with third-party suppliers?

Important Questions in the Management of Security Awareness Training with Third-Party Suppliers

Managing the security vulnerabilities in the supply chain comes down to educating employees across that chain. Managing Security Awareness Training with third-party suppliers and their employees raises several key questions:

Does the Third Party Have Security Awareness Training in Place?

Find out whether your supplier already has a Security Awareness Training package in place. Bear in mind, however, that not all security awareness packages are made equal. The level of training must meet the standard your own company expects. Check that training is carried out at regular intervals. A poor training package that does not use interactive and engaging training materials may not change poor security behaviour in employees.

Does the Supplier Use Phishing Simulations and Other Phishing Awareness Education?

In a 2021 survey by Thales, phishing ranked number 3 in the top ten data threat concerns. Malware and ransomware, both often initiated by phishing, were numbers 1 and 2 respectively.

Phishing simulations take an employee through carefully configured, automated phishing exercises. Over time, this builds staff confidence in spotting the tell-tale signs of phishing and in reporting the threat. Check with your supplier to see if they use phishing simulations, and if not, help them to develop a programme that simulates the typical phishing scams that affect your sector.

Evaluate Any Existing Security Awareness Training Campaign with Third-Party Suppliers

Once you have established that the supplier has a Security Awareness Training programme, you can evaluate its effectiveness by checking:

  • Documentary evidence of training, e.g., employee attendance at training sessions, the types of questions asked by trainees, etc.
  • Metrics of training effectiveness, e.g., how many employees were able to recognise a phishing message and then report it?

Metrics help to make focused changes to a programme that result in even better training outcomes.

What If Your Third-Party Supplier Doesn’t Use Security Awareness Training?

It is increasingly important to tackle the human element of cyber risk. Another ENISA report found that 95% of phishing emails need human intervention to initiate a malware infection. In addition, the threat from accidental insiders also needs to be considered: the 2021 Verizon Data Breach Investigations Report found that 22% of security incidents involved insiders.

Supplier staff need to be trained to the same exacting level of security awareness as your own company’s staff. To manage this, the Service Level Agreement (SLA) between your company and your supplier must reflect the level of training you expect to be undertaken. This legal agreement should require that the details of the security training programme be approved against your own standards. Having an SLA in place that includes a clause for security awareness provisioning shows that the supplier is committed to both their security and yours.

Great third-party suppliers ensure a competitive edge, but security vulnerabilities can turn a great supplier into a liability.

Cybercriminals look for the weakest link in the chain: the supplier and their staff. To ensure that these chinks in the chain’s armour are mitigated, make sure that the Security Awareness Training carried out with third-party suppliers is carefully managed to meet the standards you expect.
