Raising the Security Bar

There is no way for companies to completely eliminate the risk of data breaches and cyber attacks.  However, there are steps they can take to reduce potential losses, and they aren’t terribly expensive or terribly difficult.

 First, involve leaders from different departments (e.g. information technology, risk management, legal, finance, human resources, marketing or public relations) for discussions on cyber liability issues.  If possible, involve third party business partners and vendors as well. 

Prepare an organized and comprehensive data breach response plan, including individual and departmental responsibilities.  The team must respond quickly to mitigate damages.  Include plans for public relations, as reputational harm may prove more costly than direct financial losses.

Evaluate the data collected and stored on your system.  If there is a lot of information collected but never actually used, consider getting rid of it.  It poses a 100% risk with a 0% value.

From Business Insurance, March 12, 2012 issue, pp. 4 and 18.