We hear about these constantly: data breaches, hacks, ransoms, DDoS attacks. The statistics and casualties are alarming, as the incursions have only increased due to the COVID-19 remote worker shift.
The costs to businesses can be staggering and, in some cases, fatal. Many people think their business is too small or not a good target for hackers. They assume they will not be impacted by any of these concerns and are reluctant to divert the necessary financial resources or time required to implement a “breach avoidance” plan.
For those unwilling to make the investment, your time is up!
Consider this:
What if your largest customer or supplier told you they can’t do business with you anymore if you don’t have a data security plan in place?
Enabling a work-from-home environment requires additional security considerations. Have these been addressed within your organization?
At least 25 states have enacted some data security laws that make you responsible and accountable for the security of customer information (beyond existing rules for HIPAA, PCI, GDPR, etc.). Generally, they require implementing and maintaining reasonable security procedures and practices, including the following:
Encryption
Multi-factor authentication
Incident response plan
Training
Risk assessment and mitigation plan
Network Penetration Testing
Simulated Phishing Attacks
Data destruction policies and certifications… data is your responsibility until someone certifies it is no
Board oversight
Cyber Insurance – This is becoming a requirement for many businesses to protect themselves, and in many cases requires you or your business partners to have a plan in place or their own insurance to reduce potential liability. Answers to the questions above are required to apply for this coverage. Practically speaking, a good plan should mitigate risk, which allows you to obtain a “preferred” rate for this coverage.
So where do you start to make sure your organization doesn’t become a statistic or the feature story of the nightly news?
Understand applicable laws and regulations
Conduct a risk assessment
Implement reasonable security and privacy practices
Prepare a written information security program
Develop an incident response plan
Train employees on security and privacy obligations
Conduct risk assessment on third-party vendors
Review insurance coverage for cyber-related incidents
Need help? We have the resources to assist in these areas. They start with a risk assessment and chart the course for developing an action plan to:
Reduce your exposure to data/network breaches and potential legal action
Preserve your business relationships
Quickly recover from a breach/avoid business interruption
No organization can afford to ignore the realities of ill-intentioned entities. Contact us to learn more!