Evaluating Cyber Security Standards and Best Practices
Would you believe that the average cost of responding to a cyber-attack for U.S. companies has increased 96% over the last five years to $12.7 million? This is according to a survey of 59 organizations conducted by the Ponemon Institute with Hewlett-Packard. The survey also found that it took about 170 days to detect a cyber-attack, and an additional 45 to resolve it, which typically costs the company about $1.6 million. Bringing this number down will take a lot of awareness and some education, but in the meantime, what cyber security standards and best practices should your clients be following to reduce their risks?
Organizations need to understand the type of information being collected and where it’s stored, and perform an audit or risk assessment based on this information. The assessment should focus on administrative safeguards, such as implementing policies that limit access to confidential personal information for customers, as well as physical and technical safeguards. Physical safeguards could include storing paper records with confidential information in locked file cabinets, while technical safeguards can include encrypting laptops, flash drives, and data stored on servers. Best practices will vary by industry and by location; however, here are some general standards all businesses can follow.
- Companies should assign one person with enough authority to get things done to be responsible for data security.
- Regular risk assessments should be conducted to identify areas of vulnerability and to improve network security.
- Policies and procedures should be implemented to limit access to sensitive data and record retention storage.
These are just a few of the best practices that businesses should follow to limit their risk of a cyber-breach. Companies should also have an Incident Response Plan in place if a breach does occur, as well as efficient liability insurance coverage. At PLRisk Advisors, we understand the significant cyber risks faced by business owners. With our comprehensive Privacy and Network Security Insurance, we provide coverage for all classes of business, including hard-to-place risks. Please contact us today to learn more at (855) 403-5982.