Cyber Security: What Does It Mean for My Business?

Keeping your data and electronic systems safe is critical to the success of your business.  A panel of experts was assembled from the following three perspectives to guide us on protecting our businesses:

  • Legal and Policy –  Allison M. Adams, cyber security attorney from Schenk Annes Tepper Campbell, Ltd.
  • Cyber Insurance – Mike Richmond, a Risk Adviser and Cyber Expert from The Horton Group
  • Technical / Governance – Bruce Ward, a security expert from Peters & Associates

What type of questions were asked?

Using business risk as the common thread, the CFOs, board execs and influencers wanted to know:

  1. How should a company compare the cost effectiveness of protecting itself versus the risk of loss?
  2. Assuming a data breach or a fraudulent transaction has been detected, what actions should a company undertake?
  3. What processes exist, or do not exist, within a company that can allow employees to steal or destroy company assets?

What did the experts say?

Several compelling statements and questions were addressed. A few highlights of the thoughts shared are below:

  1. Allison discussed recent court judgments in which class action filings have standing regarding consulting pay of an hourly rate, with a portion of that rate intended to protect data. Now that standing has been established, this provides a framework for legal decisions to be made.
  2. Mike stated that data IS your organization’s asset, and that it is logical not only to inventory your data but also to quantify its significance to your organization in order to gauge the security measures required. $221 per record was the referenced yardstick. Beyond that number, another $600+ per record exists in reputation damage, contract reduction, and revenue loss. How many records is your organization chartered to protect? Bruce added that significant data can usually be found in the following locations:
    • Human Resources – personnel files
    • Operations – customer accounts, production
    • Financials – past / present / future reporting
    • Research and Development – patents
    • IT – passwords, security architecture
    • Third Party – outsourced vendors
  3. Bruce shared several stories on findings from the field. The biggest need he has seen is for mid-size businesses to have the capability to address questionnaires and compliance objectives, or even respond to RFPs, with a documented security architecture. Other shared thoughts included the need for:
    • Managed incident response plans, including documented plans, system preparation (logging), forensic teams, and even Bitcoin payment capabilities
    • Technical controls to prevent malicious as well as accidental data losses

For a free consultation with a security compliance professional, contact us at info@peters.com or 630.832.0075.

March 15th, 2017 | IT Security Solutions

About the Author:

Bruce is the Vice President of Business Strategy. In addition to client-facing roles, Bruce is responsible for operational excellence in areas such as marketing, product alignment, and vendor relations. Over the past 25 years, Bruce has always served in an advisory role for C-level executives, IT Directors and CISOs to ensure that business goals align with IT strategies and initiatives. Microsoft has recognized, trained and badged Bruce as an internal Microsoft resource to allow him full access to solution architecture, roadmaps and competitive guidance. Bruce has a focus on consultative education and helping organizations envision their future with justifiable rationale. He is sought after on speaking engagements including CIO roundtables, executive forums, and conferences. Bruce is a graduate from the University of Illinois (Secondary Ed.) and also holds an MBA from Keller Graduate School, with a credentialed security focus (CISM).