Hardly a day goes by without hearing about a cyber breach. How prepared is YOUR company?
Tom Bergeron, Editor at NJBIZ, moderated an excellent panel of speakers on this very topic earlier this month. Panelists included Peter Bamber of SMP, Eric Levine, Esq. of Lindabury, McCormick, Estabrook & Cooper, and Hal Soden Jr. of Oliver L.E. Soden Agency. Although cyber security is not my area of expertise, I thought I’d share what I gleaned from today’s panel.
Depending on your industry, there are a variety of protocols which must be in place. Those protocols are ramped up further if you work in a regulated industry such as financial services, banking, and healthcare.
My top takeaways:
1. Make sure all critical patches are updated daily. Don’t ignore those patches pushed to you by Microsoft. Have a patch management system in place and make sure all your employees are trained on protocols.
2. Assess if your insurance is adequate for the risks presented today. They have changed a lot just over the last several years and your policy might be outdated, leaving your company exposed. Remember that cyber liability insurance is a separate policy and NOT included in your business insurance. Attorneys can help you decide if the coverage is adequate. Your insurance carrier will also insist that you download all the required patches or you risk voiding the policy.
3. It’s important to have a Breach Policy in place at your company and insurance companies will request to see this. They’ll want to make sure that you have processes and protocols in place to respond to a breach.
4. Does your company allow employees to “BYO Device”? Employees should be educated on protocols and you’ll need a vulnerability assessment. It’s best to involve an attorney here to order the risk assessment so that attorney-client privilege will be in place should a breach occur. Employees need to feel comfortable approaching management if they feel their BYO Device has been compromised. Request that your employees stop conducting personal business on company devices, if you issue separate devices to those employees.
5. If a breach occurs, there are state laws in place in addition to any protocols for your regulated industry. Consult your attorney and then the State Police to report a breach. Regardless, it is important to be transparent that a breach has occurred… in today’s climate, it WILL come out.
6. Bring in the right professionals to educate your Board of Directors/Board of Trustees (for nonprofits) on the topic of cyber security. Once adequate coverages are in place, revisit this topic throughout the year at your board meetings.
Bottom line… you can’t prevent everything. Even skilled employees will make mistakes. Consult with professionals to get protocols, insurance and attorneys in place today so that you’ll be prepared in the event a breach does happen to your organization.
In today’s climate… I believe it’s not a matter of IF this will happen. It’s a matter of WHEN this will happen.
Maria Semple is the Founder and CEO of The Prospect Finder LLC. Maria consults to small businesses and nonprofit organizations on email marketing, social media and prospecting strategies. She is also an Authorized Local Expert with Constant Contact.