Co-Founder and CEO of Entreda, which provides comprehensive cybersecurity solutions for independent retail financial advice firms.

Balancing the risks and benefits of any decision is an unavoidable part of daily life in the age of COVID-19. That trip to the supermarket carries some risk of infection, but the reward is obvious — more groceries.

Similarly, businesses must be able to weigh the risks associated with their own cybersecurity. In a world where it's commonplace for companies in virtually every industry to share sensitive customer information with third parties, it's no exaggeration to say that reputations are on the line each time that happens.

Indeed, because data have enormous value in today's digital-centric advertising and economic landscape, many are tempted to misuse it, increasing the risk of cyberattacks. Therefore, businesses — especially small businesses — need a way to determine whether they can trust users with access to their networks and applications to keep their customers' data safe.

The good news is that "cyber risk scores" are becoming increasingly common.

Cyber Risk Score

Think of a cyber risk score as evaluating a vendor's digital safety performance. Different scoring methods may emphasize different metrics, but the goal is the same: to provide businesses with an objective, reliable selection and due-diligence tool.

When applied consistently across competing vendors, small businesses are then able to evaluate whether sharing data with another company will expose them and their customers to greater risk. Much like there is more than one consumer credit bureau, it's possible to get multiple cyber risk scores on the same firm.

For instance, FICO — the leading provider of consumer credit scores — also has a general cyber risk scoring tool. On top of that, there is a range of similar tools offered by other information technology specialists. Meanwhile, some businesses could no doubt benefit more from having a cyber risk tool that has been built specifically for their industry. Financial services comes to mind.

Whatever the case, each tool/scoring system should share some commonalities. Those include:

• Endpoint Protection: How secure are a vendor's endpoints, including all the company- and employee-owned computers, smartphones and tablets that workers use to access customer data? This is particularly crucial since working remotely is becoming more of the norm. That often means employees will use a personal device for work purposes.

• Network Protection: The methodology should also evaluate how well a company protects its servers and other IT infrastructure while also assessing other points of vulnerability that are less obvious but have the potential to wreak havoc on a vendor's network, including connected cameras, smart speakers and printers.

• User Behavior And Performance: Risk scores should reflect the effectiveness of a vendor's user training programs and cybersecurity policies. This will demonstrate how well its employees and others with access to customer data understand fundamental cybersecurity concepts and how closely they adhere to what they have learned about the firm's cybersecurity guidelines and requirements.

Empowering Businesses

Today's digital-first business environment means that businesses can't do it all on their own. They rely on third-party vendors to fulfill a range of mission-critical tasks, many of which involve the transfer of sensitive customer information that must be protected from cybercriminals and human error.

Trusting vendors to handle this data calls for the ability to discern whether their cyber practices are effective. A standardized, objective cyber risk score is a crucial part of that evaluation process, empowering businesses of all sizes to make smart decisions about which vendors to share data with and, importantly, which ones to avoid.