Whether by accident or on purpose, employees are often the root cause of successful cyberattacks. Executives polled in the Accenture 2018 “State of Cyber Resilience” survey identified that accidental publication of confidential information by employees and insider attacks have the greatest impact, second only to hacker attacks in successfully breaching their organizations.
An organization’s security function is largely centralized and its staff are rarely included when new products, services, and processes — all of which involve some sort of cyber risk — are being developed and deployed. This can result in a lack of accountability across the organization and a sense that security is someone else’s responsibility. The Accenture survey shows that only 16% of chief information security officers hold employees accountable for cybersecurity today. Empowering employees to take ownership in your organization’s cyber security is essential, along with ongoing training and skills reinforcement.
Employees need the tools and incentives to help them to define and address risks. New work arrangements, including greater use of contractors and remote workers make the need for employee training more urgent. Even so, training employees to think and act with security in mind is the most underfunded activity in cybersecurity budgets, according to Accenture’s 2019 “Cost of Cybercrime” study.
To embed cybersecurity into the fabric of the organization and be effective against any insider threats, organizations must bring together human resources, learning and development, legal and IT teams to work closely with the security office and business units.
Data security is commonly referred to as the confidentiality, availability and integrity of data. This encompasses all of the practices and processes that are in place to ensure data isn't being used or accessed by unauthorized individuals or parties. Data security helps ensure that the information is accurate, reliable, and available when those with authorized access need it. An acceptable data security plan should focus on collecting only the required data information, keeping it safe and destroying any information that is no longer needed. A plan that places priority on these three components will help any business meet the legal obligations inherent with possessing sensitive data.
With the escalation and increase in cybercrime threatening both the public and private sector, it’s important for organizations to have a data security policy in place. Making sure all company data is private and being used properly can be a near-impossible task that involves multiple layers of security, including technology that scans for vulnerabilities continually. When formulating a data security policy, it is important to look at all threats.
A data security program must be fluid to evolve with the threats it is intended to address. The essential components to any data security program, however, will include:
Training is critical because cybersecurity is only as strong as an organization’s weakest link — a single employee can cause a devastating cyber breach. Never has it been more important to strengthen your workforce in this area, given the dramatic increase in cyber crimes and security-related accidents. Employers can construct firewalls, IT protocols and other defense systems, but this expensive technology will be little help if your workforce is poorly trained in their data security responsibilities.
At a minimum the training should cover:
Employers should constantly emphasize the critical nature of data security. Regularly scheduled refresher training courses should be established in order to instill the data security culture of your organization. Additionally, distribute data privacy-and-security-related news articles in your training, such as the “Threat Intelligence” highlights available on the Associated Benefits and Risk Consulting Cyber Liability page.
For more information about mitigating cyber risk, please contact us.
How safe is your organization? Take the Cyber Risk Scorecard survey to assess your current cybersecurity standing and find additional steps your organization can take to protect against common cyber threats.
Carla provides solutions to mitigate management and personal liability exposures for companies, directors and officers. She specializes in assisting clients to identify and mitigate personal, corporate and professional liability risks. She consults with companies to uncover any liability exposures a
Carla provides solutions to mitigate management and personal liability exposures for companies, directors and officers. She specializes in assisting clients to identify and mitigate personal, corporate and professional liability risks. She consults with companies to uncover any liability exposures and then provides solutions to help mitigate those liability exposures. Carla has been in the insurance industry since 1982. She began her insurance career in the management liability underwriting department for financial institutions. She works with a vast array of clients including multi-hospital healthcare systems, private and public corporations, not-for-profit organizations and independent professionals. With Carla’s experience and knowledge she is frequently asked to speak on D&O and Cyber liability risks.
The world is different than it once was. It used to be that you needed a 30-foot phone cord to take the phone into another room just so you could have a little privacy, and that when you left work, you really left work, since there wasn’t any way to login remotely.
Nowadays, technological advances have made us truly mobile by enabling us to stay connected 24/7/365. While the workplace impact of 24/7 connectivity has meant that employee productivity has been on the rise, along with it comes challenges that couldn’t have been imagined even 15 years ago.
With massive data breaches at organizations such as Target, Dairy Queen, and JPMorgan, businesses are becoming more aware of the threat of hackers and external threats to their data. And while it’s important to protect yourself from such exposures, history has shown that the real enemy lies within our own companies. Don’t believe it?
Send a Message
Find a Location