CEO Questions for IT Team

Cyber threats continue to pummel the US every day and show no signs of stopping. A University of Maryland study has shown that a hacker attack occurs every 39 seconds. With increasing numbers of endpoints, and thus “doors” of entry into your network for vicious attackers to break through, cybersecurity has become the responsibility of everyone within the organization. Employees take breach prevention more seriously when the CEO gets involved, because it gives the impression that security is a top priority.


The following are a few questions the C-suite should ask their IT teams to help them focus on prevention and implement techniques to quickly detect breaches and limit damage:

“Do you know where ALL our sensitive data is?”

Where your data is located can determine which security policies apply to it. Is your information hosted locally, or has it been migrated to the cloud? New laws enacted early this year require companies to provide consumers with all personal data collected on them within 45 days of the request. They also give consumers the right to sue if they believe their privacy rights have been violated. Knowledge of where data is stored can help prevent lawsuits and unnecessary confusion.


“Based on the data we have, how much would a data breach cost if it happened to us?”

The July 2019 data breach of Capital One is estimated to have cost the banking giant between $100 and $150 million. Equifax’s 2017 breach, which affected nearly 150 million people, has cost the credit company up to $700 million in fines and monetary relief to its consumers. These two examples were major breaches, but globally, a data breach in 2018 cost the targeted company an average of $3.86 million. In the same year, US companies alone averaged $7.91 million in data breach costs. Mitigation and prevention always cost less than cleanup after a breach. Put protections in place now to avoid the financial burden later.


“Are all the doors locked that protect our sensitive data?”

As a member of the C-suite, you are the one customers will look to for answers after a potential breach. Ask this question to ensure protections are in place before a cybersecurity situation happens and damages the company’s reputation. Only collect the data needed for your business’s operations, and avoid creating a situation that never needed to happen in the first place.


“How do you know that the doors and locks are appropriate and strong enough?”

Are you on par with what others in the industry are doing security-wise? Are you running the latest updates? Are patches being applied to the environment as needed and on time? Even the heaviest of doors can be opened with a single push if the lock is broken or becomes weak over time.


“When was the last time we did a third-party, independent security assurance audit/assessment? How do we know we got it right?”

You will not know what you are vulnerable to unless you assess your cybersecurity protection system and processes. Testing through an independent, third-party agency can help uncover any holes before a vicious attacker does. Is your company regularly testing its environment? Are the results where they need to be? Were any recommended actions taken to improve the company’s defenses? These processes will keep you from being blindsided by a completely avoidable attack that could do grave harm to your organization, employees, and customers.


With the recent dramatic rise in data breaches, the C-suite must take steps to ensure cybersecurity is always on their radar. Executives and the entire organization must work together to secure and protect the company’s data assets. Cybersecurity is not someone else’s responsibility; it’s everyone’s.


