Security Questionnaires: You Can’t Just Blame the Intern

December 12, 2024

Facebook
X (Twitter)
Pinterest
fb-share-icon

Let’s face it—no one enjoys security questionnaires. They are tedious and time-consuming, and it’s easy to question their real effectiveness in mitigating security risks, especially since they’re often a check-the-box exercise. However, in today’s digital landscape, they are unavoidable for building and maintaining trust with customers. Join us as we confront this harsh reality: despite our dislike for them, we bear immense liability in ensuring they are handled with integrity and consistency. We can’t just buy a tool or hire a low-cost resource and then blame them when errors occur and cause issues with customers. Leave this chat with insights about the legal implications for your answers, how to mitigate the risks and new ways to manage the fall out.

 

You May Like These Posts

Security Awareness Training – Ransomware

One Click Is All It Takes   A single click on a phishing link. A password change request that didn’t feel quite right. A forgotten remote desktop login. That’s all it takes for ransomware to slip in and start locking down systems—and businesses.   Why Ransomware Is Still a Threat   Despite increased awareness, ransomware […]
Read more

The Difficulties of People Taking Ownership

So, you've got an amazing team of tech savvy folks who love the tech side of things.     They excel in implementing the latest tools and systems, but when it comes to the less glamorous side - like making sure tasks are completed and nobody drops the ball - things start to get a bit […]
Read more

Why Cybersecurity is as much Art as Science

In this kickoff episode of The Art of Cybersecurity, host Cheri Hotman shares why this podcast exists and what listeners can expect. Cyber isn’t just science or technology — it’s art. It’s messy, constrained, people-driven, and ultimately about mitigating risk to protect people and data. Cheri cuts through the noise of “easy button” tools, audit-passing […]
Read more

Building Customer Trust in the Digital Age: Evolution, Importance, and Observations from the Field

In today’s digital age, customer trust is more crucial than ever. Join us as we explore the evolution of customer trust, highlighting its importance in building strong customer relationships. We’ll delve into how trust became so important and some of the pivotal moments that shaped its current state. Looking ahead, we’ll discuss emerging trends and […]
Read more

The Audit Trap: Why Passing isn’t Protection

Think passing an audit means your cybersecurity program is solid? Think again. Many organizations unknowingly expose themselves to greater risk by relying on compliance checkmarks rather than a true security strategy. In this session, we’ll uncover the hidden dangers of audit-driven security, why "passing" may leave you more vulnerable, and the real steps leaders must […]
Read more

Vulnerability Scans: Only Part of the Equation

There are two primary ways we see companies manage vulnerabilities… one of them significantly riskier than the other.   Reactive strategies rely on a problem to arise before taking action. This makes reactive the riskier option of the two, hopefully for obvious reasons. Using a reactive strategy is like waiting for an electric bill to […]
Read more

Security Awareness Training – Social Engineering

Join us for an essential Security Awareness Training session focused on Social Engineering. In this session, we delve into the critical importance of cybersecurity awareness and how you, as an individual, serve as the first line of defense against cyber threats.   Key Topics Covered:   Why This Matters: Remember: Technology alone cannot protect you. […]
Read more

The Danger of the Perfect Audit

Most companies accept audit reports at face value. Green checkboxes across the board, zero findings, everything conforming. That sounds like good news. It isn't. In this session, Cheri Hotman is joined by Tanya Wade, Brittany Schroeder, and Ja'Kayla Lovelace to do something different: pull up a real (fully anonymized) HIPAA compliance audit report and walk […]
Read more

Security Awareness Training – Artificial Intelligence & Emerging Security Risks

Join us for an essential Security Awareness Training session focused on the evolving landscape of Artificial Intelligence (AI) and the emerging security risks that come with it. In this session, we explore how AI is being used in everyday tools—and how it's also creating new opportunities for threat actors. This training emphasizes awareness, responsible usage, […]
Read more

Post A Comment

Leave a Reply

Your email address will not be published.

Endless audits and customer demands were never supposed to replace real security.
We build, implement, and run Cyber GRC programs that reduce risk, protect the business, and still pass audits.

Hotman Group is a certified

woman-owned business (WOSB)

Hotman Group, LLC

Fort Worth, TX

Privacy Policy | Terms of Service | All Rights Reserved © Hotman Group, LLC