1 Understand the Problem
Cybercrime is a murky business. The cybersecurity industry itself is not very transparent. It’s very difficult to get a handle on what the dangers are, and the size and cost of the problem. Still, many organizations have cybersecurity tucked away in their IT departments. It’s time to bring it up and dust it off.
2 Know Your Risk
If you are hacked, what are some obvious operational losses that will have a tangible impact on your business? What happens to your business if it becomes unavailable to your customers for a period of time? What about strategic plans and M&A pricing data: What if you don’t know if this information has been compromised? Manage these risks now.
3 Decide What Your 'Crown Jewels' Are
What are you trying to protect? Is it customer data? Is it financials? Is it just your consumer-facing website? Or does it go much deeper than this, to intellectual property and patents? Decide what’s crucial to you, and build security architecture around that.
4 Know The Regulation
New regulations coming through the European Parliament, which are likely to come into force at the end of 2015, will make breach disclosure mandatory. There will be huge fines for companies that actively fail to disclose breaches of their systems. It’s a good idea now to begin discussing your company’s compliance with data privacy and breach notification regulations.
5 Know Where To Spend It
Once you have a clearer picture of the risk to your critical information assets, decide how to deploy resources. If you are breached, you will need to deal with a fast-developing crisis with lots of moving parts. Consider now the costs you might need to lay out, including any losses the breach may cause, consulting costs, potential liability, potential court cases, and insurance. Practice your response now.
Thursday, October 16, 2014
5 Things Boards Should Do About Cybersecurity Now
The Wall Street Journal sat down with two top-tier experts in cybersecurity and risk management. Raj Samani, CTO EMEA at McAfee, and Stephen Bonner, Partner in the Information Protection and Business Resilience team at KPMG, laid out the key issues boardrooms need to look at to secure their company’s data and reputation.