There are several ways your business should protect itself from a cyber attack. A panel of experts was assembled to discuss these issues from various angles:
- Technical – Bruce Ward, VP of Business Strategy at Peters & Associates, discussed common security controls organizations employ to minimize risks from cyber-attacks.
- Legal – Todd Rowe, partner at Tressler, LLP, discussed Illinois state law and the need to conform to Illinois’ Personal Information Protection Act (PIPA).
- Financial – Mike Richmond, Risk Advisor from The Horton Group, discussed the costs involved with a typical breach and the first- and third-party coverage available under various insurance policies.
What did the experts say?
Several compelling statements and questions were addressed. A few of the highlights:
- Todd discussed Illinois’ 2016 update to the Personal Information Protection Act (PIPA), which went into effect in January 2017. Under the law, Illinois organizations are required to “…implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification, or disclosure.”
- Mike stated that data IS your organization’s asset, and that it is logical not only to inventory your data but also to quantify its significance to your organization in order to gauge the security measures required. $221 per record was the referenced yardstick. Beyond that number, another $600+ per record exists in reputational damage, contract reduction, and revenue loss. How many records is your organization responsible for protecting? Bruce added that significant data can usually be found in the following locations:
| Location | Significant data |
|---|---|
| Human Resources | personnel files |
| Research and Development | patents |
| Operations | customer accounts, production |
| IT | passwords, security architecture |
| Financials | past / present / future reporting |
| Third Party | outsourced vendors |
- Bruce shared several stories about reasonable security controls in a modern infrastructure and described employing vCISOs to outline a strategy for protecting data.
For a free consultation with a security compliance professional, email firstname.lastname@example.org. We are happy to help.