Edit ModuleShow Tags

Protect your company from a data breach

Use common sense and take action to keep your data secure


Yahoo’s recent announcement that CEO Marissa Mayer would forego a 2017 stock award (after giving up a 2016 cash bonus) following security breaches in 2014, 2015 and 2016 underscores the importance of having a security team in place to prevent or at least mitigate security breaches. The Yahoo Board found the company’s response to the initial security breach should have been more vigorous. 

In addition to the penalty Mayer paid, Yahoo allegedly suffered a $350 million discount on its sales price because of the breach, and its head of legal lost his job for his team’s alleged failure to fully investigate the 2014 breach. These costs don’t include the expenditures to defend numerous legal actions alleging that Yahoo didn’t do enough to understand or investigate the earlier breaches and therefore take action to prevent future actions. 

While data breaches may begin to feel inevitable, with the bad guys seemingly always one step ahead, it’s clear that companies need to take cybersecurity seriously, devoting personnel and money to the issue. Security breaches aren’t inevitable, but companies need to take the threat of seriously and implement commonsense protections prior to discovering a threat. It is no longer enough to wait until something happens to take data security seriously. 

A recent IBM/Ponemon Institute annual report estimates the cost of a data breach to hover around $4 million, but that is only a small piece of the total picture. In addition to the immediate data breach response cost, there is the inevitable wave of legal action thereafter, and the long-term damage to company goodwill, reputation and customers.


Start with a data security assessment. If your company does not have the internal resources to perform the assessment, or doesn’t know where to start or what to assess, there are a number of outside firms that can provide a thorough evaluation for a reasonable fee. 

The assessment should look at insider and outsider threats, and examine systemic threats as well as threats to software/applications, among other items.

Consider putting appropriate security personnel in place. Many mid-size to larger firms are considering the advantages of having an in-house chief information security officer (CISO) to deal with the continually and rapidly evolving world of cyber security, freeing up the already overburdened IT and legal departments from trying to keep up with the evolving cybersecurity landscape. 

If your company doesn’t have the resources to employ a full-time CISO, there are data security firms who will sell you the services of a part-time CISO.     

Prior to discovering a breach, companies should consider cybersecurity insurance coverage. It isn’t enough to call up your broker and buy a policy – make sure your policy covers what you think it does. When a breach occurs, you won’t want to discover for the first time that coverage for fines or third-party litigation aren’t covered, for example.

If you don’t feel you have the expertise to fully evaluate a cybersecurity policy, consider working with a third-party cybersecurity firm to help you analyze the proposed policy and determine whether it will fully meet your company’s needs. A third-party expert can also help you negotiate the coverage you need.   

Edit Module
Danielle Urban

Danielle S. Urban is a partner in the Denver office of Fisher Phillips, representing employers nationally in labor, employment, civil rights, employee benefits and immigration matters. Contact her at durban@fisherphillips.com or 303.218.3650.

Get more content like this: Subscribe to the magazine | Sign up for our Free e-newsletter

Edit ModuleShow Tags

Archive »Related Articles

What public relations is, and is not

The guiding principle of a great public relations campaign, whether a modest one for a mom-and-pop shop or a far-reaching one for a Fortune 500 company, is the same: Take a company with a good story and make sure their desired audiences know about it.

Xcel gives new life to historic, clean energy water plant

As part of its commitment to carbon-free electricity by 2050, Xcel Energy is modernizing Cabin Creek, a historic high-altitude, clean-energy water plant near Georgetown. The utility currently sources 27% of its electricity from renewable sources.

The Toyota Corolla remains reliable, consistent after 50 years

The 2020 Corolla is still the well-made, reliable, consistent, affordable, predictable, and comfortable sure-fire car it has always been. It is not exciting. It will not win styling contests. It can’t race. But it sells like hot cakes because it will take you and your family anywhere you need to go.
Edit ModuleShow Tags
Edit ModuleEdit ModuleShow Tags
Edit ModuleShow Tags Edit ModuleShow Tags
Edit ModuleShow Tags Edit ModuleShow Tags
Edit ModuleShow Tags Edit ModuleShow Tags