Cyber Attack Protection
If you possess personally identifiable information on a lone employee or single customer, you have a cyber exposure. That data doesn’t have to exist on a network, either. These days, holding any personal information – even if it exists only on paper – presents a potentially costly privacy risk that falls under the cyber umbrella. Loss can occur as a result of access to networks via stolen credentials or breaches, unsecured or lost mobile devices or malicious email or web links.
All companies, regardless of size, need adequate controls in place that minimize possible points of entry to their private information. Perhaps, most importantly, they also need to understand:
- What data do they have?
- Where do they have it?
- How are they protecting it?
- What are employees allowed to have on mobile devices?
- How is remote access monitored, including vendors?
- Is there a documented chain of command for handling sensitive paper documents?
- What is the company’s policy on USB drives?
All business leaders must address these basic governance concerns. With controls in place, a company’s next step is to revisit its cyber risk management strategy. Companies need to decide if exposures can be minimized by changing processes or the way data is stored. They must explore how those exposures can be mitigated with network security, privacy policies, training and expert assistance. And they should understand what risks can be transferred to third parties, and what risks should be retained.
Obviously, insurance is an important weapon in this war. According to one study, the average security breach costs organizations almost $200 for each record that’s stolen, or about $5.5 million for the typical company breach. A claim that size could cripple a business without adequate insurance coverage.
The challenge is to avoid claims and lawsuits by staying ahead of the risks, implementing controls and processes that prevent lapses, and building the strongest wall possible around all personally identifiable information