ZURICH: Point of Action
Don't Ignore the Risk: Plan for the Cyber-Attack
Cyber extortion can threaten the lifeblood of a business. But the time to deal with this type of cyber-attack isn't when the criminals are at your computer doorstep. It's well before that.
There are a number of steps you can take to prepare your organization for an attack. First, understand your company's risk profile. Is the main exposure a denial-of-service attack that can shut down your website and disrupt sales? Or is it the theft of customer data or intellectual property?
"After better understanding the risk, there are two areas to focus on -- prevention and response," says Jim Charron, Technology Practice Leader at Zurich in North America. "For prevention, start with risk management policies for employees, including pre-employment screening, data security training, security breach response and controls such as changing passwords. Then, conduct an IT risk analysis to make sure you have the appropriate antivirus, firewalls, network vulnerability scans, etc."
Charron also suggests taking inventory of where data lives. Is it in the cloud or your company's server room? Do employees take critical data home or have access via smartphone? Conduct a data classification exercise using 'sensitive', 'confidential', 'mission critical' and other categories to help understand what is at risk and where.
When managing your response to a cyber-attack, work with a risk management team that includes your insurer, legal advisors, IT staff and even public relations. Develop a method for determining potential damages if a cyber-threat is carried out. Plan on identifying triggers for when to engage the authorities, your customers and other stakeholders.
Charron advises, "It's far better to plan for this kind of a crisis than to wait and hope that it just won't happen. When reputation is at stake, a robust risk management strategy and team is critical."
May 1, 2013
Copyright 2013© LRP Publications