Saturday, January 28, is Data Privacy Day, a day designed to promote awareness about privacy and education about best privacy practices. With that in mind, we decided to devote today’s and tomorrow’s posts to data privacy and how companies can achieve more secure, robust methods for dealing with the ever-present risk of cyber crime and data theft. Today’s post is by Tim Francis, business insurance management and professional liability and cyber insurance lead for Travelers.
IT departments play a pivotal role in identifying and mitigating exposures to cyber threats. However, there are risks that exist outside the company network. Businesses may be overlooking other points of vulnerability where a hacker can potentially attack, including but not limited to company cell phones, smart phones, tablets, laptops and other mobile devices. Every type of technology brings the potential for a cyber crime. Even if every employee is securing their personal and work technologies constantly, information can be compromised.
Institutions that understand the commitment necessary to create a robust anti-fraud program have a plan in place that involves numerous security options. This includes proper breach response planning, establishing information, and insurance protection. Corporate risk managers can be a valuable asset to their companies by becoming part of the planning process. They can also activate their professional networks and refer their companies to other advisers for additional guidance including lawyers, crisis communications specialists and other professionals.
Corporate risk managers should also advise their companies on the importance of employee engagement as part of a cyber risk management plan. When employees understand the potential impact on the company (possibly including their job security), they are likely to be more willing to take the necessary precautions to protect company information by following established protocols for information security. Employees should understand the costs associated with addressing a breach, including having to install credit monitoring for hacking victims, liability expenses, and potentially losing business and even deterring new business opportunities from prospective clients who get wind of security failures. Getting full buy-in and participation for mitigating cyber risk from the top down in an organization can make a significant impact on reducing cyber exposures.
Operating without a cyber risk management plan could have a crippling effect on a company’s reputation. The way in which companies respond to cyber threats can be scrutinized by clients, stakeholders and the public, especially because victims are often directly impacted by slow response. For example, if a company does not respond quickly, victims of the crime may miss opportunities to cancel credit cards and alert their banks about suspicious activity. The window for fraudulent activity can be prolonged by companies that are unprepared to deal with a cyber breach. With a strategy in place for responding to a cyber event, businesses can execute against their plan and focus on getting back to business as usual.
As cyber attacks dominate headlines, companies must make efforts to properly secure both their technology and networks. Recent media reports have identified major companies, organizations and governmental entities across the U.S. as unfortunate examples of what can happen when a business is unprepared for a cyber crisis. Corporate risk managers can help their companies to adapt their risk management strategies and practices so that their employees and their customers remain ahead of emerging cyber risks.