Skip to main content

Is your Board addressing these two issues?

Is your Board addressing these two issues?

We’ve been talking about how your Board and shareholders have a vested interest in understanding and overseeing how yourcompany will defend itself against the effects of cybercrime. Here are two more areas where you will need to have plansand your board should be focussed on how they will be handled

Data Loss

Unless their goal is pure mischief, most cyber thieves are seeking data that can be monetized in some fashion. Customerdata is a rich trove of data, providing thieves with the information to steal identities or hack bank accounts andcredit cards. Only, they don’t just want your customers' data. Your business has its own proprietary and financialinformation. You have company credit cards and bank accounts.

Legal

Should you suffer a significant loss of customer data, you may be subject to legal regulations. At the very least, youare likely required to notify the victims and the state or legal entity that regulates data loss in your jurisdiction orindustry sector. For example, HIPAA has reporting requirements. Beyond reporting requirements, there may be financialpenalties that can be imposed for significant data loss, especially if it could have been avoided via more strictinternal controls. Again, HIPAA is an excellent example. California now has data regulations and the European Unionimposes severe penalties for data loss that impacts any resident of the EU, even if the violator is not located withinits geographic boundaries.

Your entire c-suite should be focussed on these issues and working with the Board to get the support and investment toprotect the organization.

Comments

Post a Comment

Popular posts from this blog

Protecting Your Data on the Cloud

Protecting Your Data on the Cloud Cloud storage has transformed the way businesses store and manage data, but for some, it also raises concerns about data protection. This blog post discusses a few security measures that can be deployed when using cloud storage. Data Encryption One of the fundamental security features of cloud storage is encryption. It ensures that your data remains confidential and protected from unauthorized access. Cloud storage providers use encryption algorithms to protect data both during transit and when stored in their servers. This means that even if an attacker intercepts the data in transit or gains access to the storage servers, the information remains unreadable. Encryption adds an extra layer of security, ensuring that your data remains confidential and secure. Access Controls and Identity Management Concerned about access to data? Cloud storage providers offer access controls and other mechanisms to prevent unauthorized access to your data. These feature
Post a Comment
Read more

Why Migrate to the Cloud

Why Migrate to the Cloud If you haven't already considered migrating your data storage to the cloud, you are probably in the minority of businesses. While it may seem intuitive that somehow your data is safer if it is stored “ at home,” on location at the site of your business, that probably is not correct. Given the ability of skilled cloud service providers to provide redundancy and a level of security unattainable by a small business, storing all your crucial business data on site using in-house support is probably akin to keeping your money under the mattress instead of a bank. In this blog, we’ll explain what cloud data storage means, and some reasons why it may be a good business decision. In addition, we’ll quickly note some reasons some people get nervous about the security of cloud storage. What is cloud data storage? In an earlier time, a business would store all of its data on-site. Individual employees might keep all of their Word and Excel documents filed on their PC.
Post a Comment
Read more

Risk assessment: A Value model

Risk assessment: A Value model Risk assessment means looking at all the conditions, situations and threats that exist that could damage or bring down your business. Risk assessment is all about identifying the external and internal threats that exist and measuring the likely consequences if that threat becomes reality. A data security risk assessment would identify what data you have, how you use it, how confidential it may be, how it is affected by regulations and the ways it could be compromised. A major focus of a data security assessment is cybercrime. In terms of developing an IT staff, the alternative approach to building out a team is to determine your IT staffing needs in terms of risk assessment. That means evaluating risk and directing staffing resources to those areas where the risk is greatest and the consequences most severe. Basically, it is an evaluation on the ROI of your IT staffing in light of identified risk. In particular, what is the return on your risk management
Post a Comment
Read more