Building Cybersecurity: Understanding What’s at Risk
To properly address cybersecurity, you need to have the functional capabilities to identify, protect, detect, respond, and recover. The first step in developing a cybersecurity strategy is to identify the risks present.
Know your data
A critical initial step in enhancing your data security is to identify what data you have, along with how your data is managed and secured. Identify what data is collected and which people, apps, and devices have access to that data, and have a second copy of your data available for recovery. You should also have a thorough inventory of the kind of information you have, how much of it you have, and where you have it. This includes customer and employee personally identifiable information (PII), such as financial, account, and salary information, in addition to other business data, like trade secrets, marketing plans, and new products specifications.
Know your portable devices
Theft and accidental loss of laptops, smartphones, and tablets are leading causes of compromised data. It is crucial that these devices are inventoried and centrally managed. In the event of a breach, the devices can be remotely secured and the protected information can be rendered unreadable and unusable.
Know your team
Everyone is accountable for managing cyber risks, including temporary workers and contractors. Have you implemented a sound internal communication and training strategy on the protection and proper use of sensitive data, including how to recognize and report security threats? Have you integrated cybersecurity into your employee orientation, with an emphasis on the consequences of sharing passwords, falling for email phishing scams, exposing laptops and USB storage devices to theft, and otherwise neglecting to observe data security policies?
Know your vendors
When entrusting personal information to third parties, implement reasonable measures to ensure that they have the capacity to protect this information. This means selecting only service providers which are capable of maintaining safeguards (equal to or better than yours) for personal information, and it means contractually requiring them to maintain such safeguards. You should also mandate that your vendors show proof of insurance to provide you with protection if they are the cause of loss.
Know your budget
Insurance is an important weapon in this war. According to the 2017 Ponemon Institute Cost of a Data Breach Study the average security breach costs organizations a $141 for each stolen record. According to the study, however, having an incident response team — either in-house, via a third party or a combination of both — can decrease the loss by 19.30 per record. For more information, use IBM’s data breach calculator to examine the cost of a data breach in your industry and location.
As part of identifying which assets and data could be attacked, an organization should also assess the potential impact of the data falling into the wrong hands. For example, do employees know how to protect this data? How and when can a breach be discovered? What is the first move in the event of a breach?