August 2, 2016

Cybersecurity, Regulatory Compliance and Information Governance


When it comes to cybersecurity and regulatory compliance, several factors come into play. First and foremost, the human element is important to consider. Basic best practices such as strong and continually changing passwords and ensuring the security of your wireless networks are essential, as is creating an overall regulatory compliance plan that is understood by all parties.

There have been some interesting developments in the world of cybersecurity:

  • Criminals are starting to change or manipulate electronic information, which could compromise its integrity, accuracy or reliability
  • Despite the increased attention around cybersecurity, most organizations have not changed their practices in a sustainable way
  • Ransomware has become a popular way to hold information "hostage" in exchange for compensation

In the wake of the data breaches at large organizations like Sony Pictures (check out our blog post about it), here are some best practices from Mark Pribish, VP at Merchants Information Solutions:

  • Annual employee education should be the No. 1 priority. Talk to workers about ID-theft and data-breach risks because the threat level is rising and you don't want it to sink your business.
  • Your business needs to complete and implement an information governance plan.
  • It will be no small problem if your data is breached and you're unprepared. Business owners who want to remain in business must take cybersecurity seriously and recognize that one of the biggest threats is within the organization.
  • The challenges of a data breach event can include complex federal and state breach notification laws and regulatory compliance issues, and most small businesses lack the financial and human resources to respond. Cyberinsurance can support your risk-management objectives.
  • Crisis preparedness is a significant issue weighing on chief financial officers, with cyberattacks cited as “the most threatening potential crisis.”
  • Create, test and update your business' written information security and governance policy annually, including penetration testing and a simulated data-breach event.
  • A company’s cybersecurity is a team effort. Coordination is critical because criminals will try to exploit weak links.

As we've talked about in the past, data breaches have become increasingly common, and having a proactive plan is crucial for minimizing damage and protecting sensitive records. Making the IT group a part of the information governance discussion ensures all parties are aware of how the information is being stored and disposed of.
