Edit ModuleShow Tags

Top 10 ways to manage cyber risk


Technology has made business a more efficient, streamlined process. Be it data archiving, communication or research, the Internet has become a necessary component of many day-to-day business functions. Despite the many benefits that technology lends to today’s workplace, however, it’s important to keep in mind its inherent risks. Just as the Internet has made it easier for businesses to store and share data, it has made it easier for criminals to access sensitive information and has increased the risk of unintentional disclosure. 

Here are the top 10 ways to manage cyber risk for companies to consider as they work to improve their cyber security policies and procedures.

1.    Human Nature Is Your Greatest Risk. Curiosity and trust of unsuspecting employees are the greatest threats to cyber security. Cyber criminals prey on these traits and can create convincing traps to entice employees into inadvertently disclosing data or granting unauthorized access to sensitive information. Beware of suspicious emails, even if you think you know the sender; free or found thumb drives; and the use of technology without robust password protection.

2.    Regularly Assess Your Cyber Risk. Consider using a broker or insurance recovery attorney to assess your cyber risk and provide guidance on how to: (1) identify your areas of potential exposure; (2) protect your company from a cyber breach; and (3) have a plan in place to respond to a cyber breach if it occurs.  At a minimum, conduct internal audits of cyber and privacy breaches within your company on an annual basis.

3.    Create A Qualified Team. Identify key personnel within your company who can be charged with monitoring cyber security. The team should include IT personnel and management-level employees, each of whom should have well-defined roles. For larger companies, consider designating a CSO (Chief Security Officer).

4.    Develop Written Policies And Procedures. Develop and implement a written information and security program. Have your cyber team research and implement best practices to protect against internal and external threats. Written policies should describe internal reporting requirements for security breaches and must include a crisis response plan with a clear chain of command.

5.    Create A Culture Of Privacy. Review company policies to ensure they create a culture of security and respect for privacy. Update training as necessary to enhance understanding and compliance with privacy policies.

6.    Have A Strong First Line Of Defense. Secure passwords are an important tool in preventing cyber breaches. Consider implementing mandatory password protection and login procedures for all electronic devices, including private computers and cell phones that employees use for business purposes. Require passwords to be unique, long and complex. The longer the password, the harder it is for a hacker to crack.

7.    Stay Up-To-Date. Your cyber/privacy team must continually stay abreast of developments in this fast-paced area. Remember, cyber criminals are often at least one step ahead. Provide regular opportunities for continuing education for your cyber team.

8.    Seek Help When Needed. Many small- to medium-sized companies do not have the capacity to implement the most up-to-date security protocols making them the most attractive targets of cyber criminals. A third-party data storage vendor may be a valuable resource in maintaining cyber security. Recognize, however, that such vendors (including "The Cloud") cannot assure absolute protection and will likely attempt to disclaim liability for data breaches. The cost of a breach will ultimately fall on your company, both in terms of reputational damage and lost information.

9.    Know Your Vendors. If your vendors, consultants and service providers have access to your clients' sensitive information, ask them about their cyber security policies. What are their policies? What is their track record on security breaches? How do they protect the privacy of your information and that of your clients/customers? What is their protocol in the event of a breach?

10. Maintain Adequate Insurance Coverage. Have a qualified broker or insurance recovery attorney review your existing insurance policies for gaps in coverage relating to privacy and cyber security. Consider adding endorsements to existing policies or obtaining specialized cyber policies to fill in any gaps in coverage. Remember, you may need more than one type of policy to cover your risks.

Edit Module
Katherine Varholak and Brooke Yates

Katherine D. Varholak is an attorney with Sherman & Howard whose areas of emphasis include appellate litigation, insurance recovery, and construction litigation. Brooke Yates is an attorney with Sherman & Howard with areas of emphasis in commercial litigation, construction, and insurance recovery. Sherman & Howard’s Insurance Recovery Group assists companies and other policy-holders in pursuing all manner of insurance benefits.

Get more content like this: Subscribe to the magazine | Sign up for our Free e-newsletter

Edit ModuleShow Tags

Archive »Related Articles

Key to growth: A relationship with your lender

It isn’t a secret – Colorado’s economy is vibrant and strong. New developments continue to spring up across the state, many entrepreneurs have started new businesses, and many more companies are growing and need resources to meet their increased demand. What’s the secret to ensure business owners...

Do we need a new word for entrepreneur?

Has the word entrepreneur become too trendy as to have lost its meaning? I’m hearing it and the word entrepreneurship being used in so many conversations incorrectly. I’m critical of the use of the word "entrepreneur"...are you?

Hot tips for emerging company boards

Emerging companies comprise a significant portion of Colorado businesses. Venture capitalists, angel investors and founders make up the shareholders and the boards of directors of many of these companies. I spoke recently to Fran Wheeler, a partner in the Business Department of the Colorado Office...
Edit ModuleShow Tags
Edit ModuleEdit ModuleShow Tags
Edit ModuleShow Tags Edit ModuleShow Tags
Edit ModuleShow Tags Edit ModuleShow Tags
Edit ModuleShow Tags Edit ModuleShow Tags