• Allison Holland

What do CyberSecurity, Data Destruction, and Data Privacy all have in common?


We hear about these constantly: data breaches, hacks, ransoms, DDoS attacks. The statistics and casualties are alarming, and the incursions have only increased with the COVID-19 shift to remote work.

The costs to businesses can be staggering and, in some cases, fatal. Many people think their business is too small or not a good target for hackers. They assume they will not be impacted by any of these concerns and are reluctant to divert the financial resources or time required to implement a “breach avoidance” plan.

For those unwilling to make the investment, your time is up!

Consider this:

  • What if your largest customer or supplier told you they can’t do business with you anymore if you don’t have a data security plan in place?

  • Enabling a work-from-home environment requires additional security considerations. Have these been addressed within your organization?

  • At least 25 states have enacted some data security laws that make you responsible and accountable for the security of customer information (beyond existing rules for HIPAA, PCI, GDPR, etc.). Generally, they require implementing and maintaining reasonable security procedures and practices, including the following:

      • Encryption

      • Multi-factor authentication

      • Incident response plan

      • Training

      • Risk assessment and mitigation plan

      • Network penetration testing

      • Simulated phishing attacks

      • Data destruction policies and certifications… data is your responsibility until someone certifies it is no

      • Board oversight

  • Cyber Insurance – This is becoming a requirement for many businesses to protect themselves, and in many cases it requires you or your business partners to have a plan in place or their own insurance to reduce potential liability. Answers to the questions above are required to apply for this coverage. Practically speaking, a good plan should mitigate risk, which allows you to obtain a “preferred” rate for this coverage.

So where do you start to make sure your organization doesn’t become a statistic or the feature story of the nightly news?

  • Understand applicable laws and regulations

  • Conduct a risk assessment

  • Implement reasonable security and privacy practices

  • Prepare a written information security program

  • Develop an incident response plan

  • Train employees on security and privacy obligations

  • Conduct risk assessments of third-party vendors

  • Review insurance coverage for cyber-related incidents

Need help? We have the resources to assist in these areas. They start with a risk assessment and chart the course for developing an action plan to:

  • Reduce your exposure to data/network breaches and potential legal action

  • Preserve your business relationships

  • Quickly recover from a breach/avoid business interruption

No organization can afford to ignore the realities of ill-intentioned entities. Contact us to learn more!