I just attended a really good panel discussion on Cyber Security presented jointly by the Institute for Corporate Governance at UT Dallas’ Jindal School of Management and DFW Tech Titans. There were many thought-provoking contributions, but I thought the following would be of interest to almost anyone interested in Cyber Security.
Security, especially Data Security, is an enterprise-wide issue. It is not just for the CISO or even the CEO or the Board of Directors to worry about. It must be an integral part of the company’s consciousness, part of each manager’s, employee’s or contractor’s consciousness. It must always be a consideration when a company shares data inside its own operations, with its supply chain, and to and from its customers.
Data breaches and thefts have real legal and financial ramifications. They are much more than just an inconvenience or annoyance. They impact reputations. It can become extremely expensive to put things back together. You can’t hope to hide a problem because it will get out.
A company should build a relationship with external security experts to supplement its own internal managers before a breach occurs, so that responses can occur very quickly with the right focus.
Organizations should do an honest assessment of whether they have sufficient resources (financial, technical and human capital) to deal with breaches. This can be a moving target and needs at least a yearly review.
What risk is acceptable? Look at the organization-wide implications. Are some types of risk acceptable? Do a cost/benefit analysis of every scenario imaginable. Can you get insurance for some types of breaches or thefts? Is insurance cheaper than addressing the core problem?
Are the executive and his team responsible for data security out in front of known threats? Does the organization have an emergency plan to deal with an attack immediately? Does the executive in charge of leading the response and recovery have easy access to the CEO and the Board to permit rapid decision making and expense approval?
If an organization is going to put in place insurance coverage that it believes will protect it financially, does that coverage align with just some arbitrary budget, or is it designed to actually align with the organization’s real operational recovery expenses as well as its financial and reputational exposure? Plus, will it cover all sales and customer support recovery expenses?
Now is probably a good time to review your own situation. And remember, Kloke offers real data security and will be introducing a ransomware recovery solution in 2020, both of which will help you address the issues above.
Rick Nelson, CEO