Enterprise cyberdefense is a top priority for any organization, and it is a full-time job. Despite the best-laid plans, a data breach can occur at any time. Therefore, we must always be on our toes—checking and adjusting our practices—to ensure security measures are holding fast at all times.
JDSupra’s Jim Halpert has devised an eight-point method—consisting of eight questions—to help organizations evaluate their cyberdefense programs. Six of those questions are listed here and should help create a dialogue between enterprise team leaders and members:
- Do you have a strong governance program in place? The NACD Cyber-Risk Oversight Handbook provides a helpful roadmap for demystifying cybersecurity and establishing a structure so that directors can meet their duty of care with regard to cybersecurity.
- Do you have an incident response plan in place, and have you tested it? Implementing an incident response plan for cyber incidents and conducting tabletop exercises to gauge how your organization acts on that plan are key countermeasures to reduce the costs flowing from a data breach.
- Are you conducting periodic cybersecurity risk reviews? Companies need to conduct outside assessments to meet duties of care and to pass third-party cybersecurity audits required by customers.
- How do you respond to a breach? When a breach occurs, it is critical to respond efficiently and strategically, conduct a thorough investigation and, wherever possible, provide notice at one time that is sufficiently specific to meet regulator requirements and provide credit monitoring or other protection to customers where warranted.
- Does your insurance adequately cover data breach risk? Finding the right coverage for your organization’s risk posture is important.
- Are you keeping up with rapidly changing regulatory requirements? While compliance with regulatory requirements is no guarantee against a security incident, suffering a reportable security incident when out of compliance can significantly increase risk, penalties and adverse publicity.
For more information and the complete list of cyberdefense program questions, see the full JDSupra article.