The Naked Truth About Information Security


What’s more concerning than having naked pictures of yourself leaked online? That’s an attention-grabbing question, isn’t it?

In MasterCard’s recent Emotion of Safety & Security Survey, 55% of Americans (18 years and older) said they would rather have naked pictures of themselves leaked online than have their financial information stolen.  Even more would rather have their homes robbed (59%) or email hacked (62%) than have financial data stolen or compromised.

Clearly, consumers get why data privacy and personal information security are such serious issues, but are businesses taking this matter as seriously? The answer is yes.  According to a poll by CIO magazine in which CIOs reveal their worst nightmares, security ranks highest among IT concerns for CIOs.  Businesses are finally realizing how a security breach extends far beyond financial loss and into irreparable reputational risk.

Security is no longer just about passwords and firewalls; in fact, in recent years cybersecurity has become a board-level topic and an enterprise-wide priority to the extent that many organizations are now managing cybersecurity as a business risk.  Think of it this way: would you do business with someone who leaked your naked photos?

4 Best Practices for Managing Information Security

1.  Continuously Monitor and Conduct Risk Assessment

Companies that outperform their peers go beyond point-in-time risk assessment.  Continuous monitoring of the controls and information technology systems that support their operations and assets provides ongoing awareness of information security posture, vulnerabilities, and threats to facilitate risk-based decision making. Leveraging GRC technology enables them to aggregate information from many different security operations sources and identify which security issues are most critical and have the greatest impact on customers’ information and their bottom line.

2.  Manage Third-Party Vendors and Suppliers

Organizations are placing greater reliance on third parties for their critical processes, and the Consumer Financial Protection Bureau (CFPB) and other regulators are holding companies responsible not only for their own actions, but for those of their vendors and suppliers.  To ensure customer data privacy and security, more and more organizations are turning to GRC solutions to automate and manage their entire vendor risk lifecycle and provide ongoing and continuous monitoring.  Consumers don’t want to be subjected to another “Target”.

3.  Investigate Incidents

No matter how diligent a company is, security incidents are inevitable.  Leveraging GRC technology to automate the incident management process allows businesses to detect, monitor, and resolve incidents quickly and BEFORE they turn into security events in order to minimize consequences and maintain compliance.

4.  Establish Effective Communications During Unforeseen Events

Business Continuity Management is a crucial part of effective risk management, and the speed and effectiveness of communication during a security breach can make all the difference between a brief disruption and a lengthier and more costly recovery.  Communications plans need to be addressed thoroughly within the disaster-response plan, but challenges include reaching large numbers of people quickly and simultaneously and providing the right message.  One way to address disaster communication is with an automated BCM solution, which can rapidly distribute information.