As a board director with cybersecurity experience, I always advise a company that, no matter what it does, it will be hacked.
Gartner research suggests that 60% of companies that lose their data are not in business after five years, and according to the U.S. Cyber Security Alliance, 60 percent of small companies that suffer a cyberattack are out of business within 6 months.
A company must decide which data it must protect and which data it wants to protect. The cost of protecting all of the company's data is usually prohibitive. Depending on its size, each company will take a different approach. The common denominator is: All companies must have a cybersecurity policy, and all employees, from the receptionist to the C-Suite executive team, must be trained in this policy.
Here are a few questions for management to ponder:
- Do you know what information you need or want to protect?
- Is your data not only archived, but also organized for rapid retrieval?
- What is the relationship between onsite data and backups or cloud-managed data?
- Do you have a data security plan and policy?
- Are all employees trained, and do they continue to be trained, in this policy?
- What happens if your customer’s data is compromised?
- Do you have the proper in-house staff and outside consultants? (PR, Lawyer, technical personnel in case of attacks)
- Does your company practice what to do if hacked? (like a fire drill)
- Does your company have proper backup procedures?
- How long would it take to get back up and running after being hacked?
- Does your company try to restore its data at least once a year? (This can be done through a simulation.)
Obviously, the better handle you get on all of your data and the systems and people that manage this data, the better off you will be in the event of a cyberattack, data breach, or hardware or software malfunction.
What questions are still unanswered in your company?
For more on preventing cybercrime, read my article: 8 Strategies for Dealing with Cyber Risks
You are on target regarding the importance of Cybersecurity and all the factors that need to be addressed on this topic.
As you state, ALL employees need to be aware of the exposures related to the information that is accessible on all their technology equipment, from the smart phone to the Company technology, whether it be internet cloud-based or an in-house system.
Everyone also has to be aware that, with the smart technology in your home, all your personal information is at risk through these devices.
As an Insurance sales Executive, I see many sides of the cybersecurity topic and exposures everyone faces. No one likes to complete the complex, lengthy questionnaire to receive a cyber insurance proposal, but I always point out to my clients that the form is a great resource to help understand the many exposures we all have, from having our clients', employees' and our own personal information jeopardized and stolen. The application/questionnaire can be a great tool to work with your internal and outside IT staff.
Remember, as you have said, Larry, it is not a matter of if this will happen to you, but when, and to what extreme it will affect your business.
Bill, Thanks for updating us on the insurance aspects of cybersecurity. The board needs to guide management on the amount of insurance and what needs to be covered. A good insurance broker is an important part of a company’s cybersecurity team. Thanks for your comments. Larry