A recent article published by DarkReading discusses the 10 Critical Steps to Create a Culture of Cybersecurity. Despite the increased coverage of cyber incidents, many organizations remain vulnerable to the reputation-damaging and costly effects of such attacks. “According to Kaspersky Labs and the Ponemon Institute, 90% of businesses have experienced a cyber attack, with an average cost per breach of $3.6 million.” Creating a “unified governance” approach to business by combining security with data management and information governance can help to create a strong barrier to cyber incidents. The 10 steps outlined in the article include:
- Bring everyone to the table – Senior executive engagement is essential.
- Avoid contributing to your own victimization – Fear of the consequences causes inaction and exacerbates the harm associated with cyber incidents.
- Eschew a compliance-only mentality – Cybersecurity compliance is really about preventing victimization, not internal wrongdoing.
- Employ Information Governance best practices – You cannot protect the unknown. To protect data — and successfully manage a breach — you must identify your data, its location, its value, users with access, and applicable legal obligations.
- Utilize information resources – Plenty of resources exist for learning more about cybersecurity and improving your risk profile.
- Counter the insider threat – Insider threats — whether intentional or not — should be a top concern for executives and an essential part of employee training.
- Manage the third-party threat – Your contracts must include all rights and obligations related to handling and securing sensitive information.
- Control your endpoints – You must be able to manage all devices that connect to your network or access sensitive data.
- Adopt the latest security best practices – Cybersecurity best practices and tools are essential.
- Never assume that cybersecurity incidents are over – Poor investigations result in greater technical, reputational, and legal harm when the next incident occurs.
Whether you are in a hospital, a private business or even an academic institution, cyber threats are on the rise and likely to impact your business sooner rather than later. Learning and implementing these critical steps, as well as ensuring coverage through a comprehensive cyber liability policy, may be the key to preserving your reputation and your bottom line.