A Cyber Breach Is a Business Problem, Not an IT Problem - Is your Company Prepared?

Boards of Directors are focused more on Cybersecurity Incidents

  •     It’s estimated that 65% of all organizations have experienced a Cyber Incident in 2016.
  •     The number of stolen records are approaching a trillion records.
  •     The average incident goes undetected for 214 days.
  •     The Internet of Things (IoT) represents a new dynamic to the problem.
  •     Yahoo reduced its sales price by $350 million due to poor breach response.
  •     The FBI estimates $1 billion in losses incurred in 2016 due to ransomware.
  •     While most focus on Cybersecurity, the evolving issue will be privacy rights.

What steps can you take to improve your security posture, and reduce your risk of a cybersecurity incident?

    1.   Develop a Cybersecurity plan using a recognized protocol such as the National Institute of Science and Technology (NIST) framework.  This framework is available for large and small companies.
    2.   Practice good Cybersecurity hygiene:

    • Install and update Firewalls and Anti-Virus software.
    • Adopt complex passwords and two factor authentication.  Complex password software is very affordable.
    • Update all software and apps - if you don’t use them - delete them!
    • Install Encryption software on all devices especially laptops, tablets, and mobile phones.  Again, this is very affordable.
    • Segregate and back up data frequently - at least daily in an ‘off line’ environment.
    • Keep only data you need, and encrypt it when not in use.  Discard all old and unused data, and remember to shred paper data.
    • Restrict access to data to only those required to have access.
    • Restrict ‘administrative rights’ to only those required and qualified to use (hint: not usually the CEO).
    • Train your associates on ‘phishing’ and business e-mail compromise frauds so they don’t become victim.

        3.   Include your outside experts: legal, risk (insurance), forensics, communication, compliance, and Firestorm breach coach in your Cyber Incident Response Plan.  Test the plan, your first cyber attach is a bad time to practice your response with the plan for the first time.
        4.   All experts agree that almost all companies have been hacked; being prepared is more important than believing you can stop it.

    A Cybersecurity Response Plan should be part of your overall Enterprise Risk Management plan.  New laws in numerous states and the European Union regarding the privacy rights associated with data now make the penalties for losing that data extraordinarily high.

    Firestorm leadership, as experts in vulnerability analysis, risk mitigation, planning and crisis management, supports management and organizations before, during, and after a cybersecurity crisis. How you answer the questions “What should we do now?” and “What should we say now?” can have far reaching implications for an organization. 

    For more information on this topic or any other business continuity preparedness questions I can be reached at 410-303-0635 or kmercer@firestorm.com.  www.firestorm.com.  Please join me in two weeks for my next topic on a communicable illness plan.  If your company is struck by a communicable illness up to 40% of your employees might not be able to come to work.  Would that be a problem for you?