Did you know that most data breaches are opportunistic rather than targeted? I certainly didn’t until I attended a technology conference and learned so much during a session on cyber security. I am sharing some of the things I learned, but all credit goes to the SMC3 conference and the panelists.
Cyber security is:
It is NOT just technology! Many companies think it is just technology and do not know what to do or how to respond when a breach occurs.
In the event of a breach or hack:
- You need to already have a backup regimen in place
- You need cyber security liability coverage
- You need to know if you have a recent backup or can rebuild from other sources
- Implement your disaster recovery plan – preparation is key
- Concise PR plan
- No panic
- Do not hesitate to contact law enforcement (this does not mean all breach details are then a matter of public record)
You need to determine what information is proprietary/confidential to your company and make sure it is up to date, accurate and protected. Determining what data to protect is very important.
A bit about breaches:
- Average dwell time is 270 days – the person/organization has been in your system for 9 months before the breach is discovered.
- The vast majority of breaches are opportunistic rather than targeted.
- Breaches can happen through vendors/partners who have access to your data, so you need to make sure they are following the data protection protocol that you have in place.
Policy vs. practice
You MUST be doing what you think you are doing! Does your practice match your policy? If it doesn’t, and that’s discovered after a breach, your insurance will not pay. If the insurer discovers it during an investigation after they have paid, they will sue you and get their money back.
Good people are nice and want to be helpful. That is not always a good thing. Two quick examples:
- An employee allowed a person into the company’s server room because the person had a plausible reason to enter, even though the company policy is to not allow people into areas with sensitive data at all.
- A truck badly spray-painted brown (meant to look similar to a UPS vehicle) was allowed into a warehouse dock area with no questions asked.
Effective cyber security is essential in today’s online world. How we protect our own data, customer data and partner data will likely continue to become more complex. First things first, as we like to say at roux, what data of ours and yours needs to be protected?