Excellent info from Travelers: Company Data Security Policy & Standards

Travelers just published a list of 9 things companies should consider for data security policies and standards. It is excellent. You can see it by following the link below.

But first, check out my CyberGard–Cyber Risk Protection Program that can help with implementing these 9 steps!

via Company Data Security Policy & Standards | Travelers Insurance.

Podcast: #DtR Episode on Lines in the Sand on “Security Research”

You really need to hear this podcast where we draw lines in the sand staking out what is — and what is not — security research.

The #DtR Gang [Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst)] invited me to tag along for another episode of the Down the Security Rabbit Hole podcast.

Also joining us for this episode were Chris John Riley (@ChrisJohnRiley) and Kevin Johnson (@SecureIdeasllc).

You can click here to see a list of the topics we covered in this episode or just jump straight into the podcast.

Let us know what you think by tagging your comments with #DtR on Twitter!

Stop lying to yourself — your business is not prepared for data breach risk

Ponemon studies from September 2014 tell us that 43% of US companies had a data breach last year, even if they are not aware of it, and 78% either do not have a data breach response plan in place or have not updated it in a timely manner.

This means that your business must be ready for a data breach but, odds are, it is probably not. Am I right or wrong?

As you’re sitting there feeling guilty for lying to yourself (and you know you are), here is an interesting infographic that you should consider. And, while you’re at it, keep saying “yeah, but it won’t happen to me …”

Data Breach Infographic

via Infographic: Is your business ready for a cyber data breach? | PropertyCasualty360.

Yes, I will mention this post in tomorrow’s seminar on data breach! “Who’s Gonna Get It?”

This is one of my favorite and my most popular posts ever — and you better believe I will find a way to mention it to this group of CEOs to help them understand why it is important to take seriously the data security threat!

Data Breach – Who’s Gonna Get It? | business cyber risk | law blog.

 

“Defense wins championships” when preparing for the inevitable data breach

“The best strategy to manage the inevitable data breach of your enterprise is to be prepared.” -Adam Greenberg, SC Magazine

Exactly–you must prepare on 2 fronts: Defense & Response

In a recent article in SC Magazine, Adam Greenberg marches along faithfully with many of us in trying to get you, the business leader, to appreciate the severe risk that data breaches pose to your business. He starts by repeating the old data breach proverb, “It is not a matter of if, but when,” which readers of this site have heard many times before.

It is now a given that every enterprise either already has been, or will be, the victim of a data breach. It’s just life in the digital age, get used to it.

More importantly, prepare for it. A data breach can be either (1) a catastrophic event that threatens the very existence of your enterprise, or (2) just another adversity that your enterprise faces, manages, and learns from along its journey to success.

The choice is yours and is determined by whether you stick your head in the sand and ignore the risk or prepare for it. The first step you must take is to decide that you will not ignore this threat and that you will prepare for it. This is the most difficult step for many business leaders but, once we get past it, we start making progress.

Preparing for a data breach requires preparing a defensive strategy and a responsive strategy.

Preparing to Defend

“Offense sells tickets; Defense wins championships” -Coach Paul “Bear” Bryant Jr.

When we talk about preparing for a data breach, some people jump the gun and start thinking about how they will respond. This loses sight of the primary objective–your duty–PROTECTING THE DATA which, necessarily, requires defending your system.

The top priority for your enterprise is to take steps to assess and strengthen its cyber security posture. Then, the deficiencies that are identified must be corrected (there are always deficiencies). And don’t forget to document the steps that are taken (here is why).

Preparing to Respond

After you have prepared your defensive strategy, the next step is to prepare for responding to the inevitable data breach. Every enterprise needs a data breach response strategy that is documented in a written breach response plan (here is why).

The breach response plan needs to be comprehensive, readily accessible in an emergency, and everyone needs to be trained on their roles in the plan. You can read more about breach response plans here.

Fortunately, this process is not as intimidating as it may sound. The most difficult part is that you must decide that you will make sure your enterprise is prepared for this risk. After you make that decision, a qualified adviser who has helped other enterprises prepare for these situations can guide you through the process.

Learn more about the author’s unique CyberGard–Cyber Risk Protection Program.

 

Source of original article: Plan ahead: Prepare for the inevitable data breach – SC Magazine.

 

Are You Outraged By The CFAA Prosecution of Aaron Swartz But Not Sandra Teague?

Originally posted on business cyber risk | law blog:

With Aaron Swartz’s suicide came the lifting of the floodgates for public criticism of the Computer Fraud and Abuse Act. The amount of venom directed at the law is second only to that directed at the federal prosecutors who were prosecuting Swartz. While I understand the emotional issues that are driving much of the criticism, as I read opinion after opinion by so many “experts” on the CFAA, I can’t help but wonder about Sandra Teague. That is, if these experts are now so concerned about how the CFAA was being used to prosecute Aaron Swartz, why didn’t they have this same concern for Sandra Teague? Or, if they were not aware of Sandra Teague before, how would they feel about her prosecution now? How about you?

Aaron Swartz Case

Much has been written about the Aaron Swartz case including an outstanding analysis by Professor Orin Kerr, a…


3 Steps the C-Suite Can Take to Strengthen Cyber Security

Originally posted on business cyber risk | law blog:

The C-Suite is ultimately responsible for failures of a company’s cyber security. A recent example of this is how Target’s CEO, CTO, and several Board Members were pushed out in the wake of its data breach.

SEE BELOW FOR EVENT REGISTRATION!

This puts leaders in a difficult position. It is almost a statistical certainty that every company will suffer a data breach sooner rather than later. Does that mean that most C-Levels and Directors are on the verge of losing their positions because of a data breach? Does it mean that their careers and future are now out of their control?

No, it does not have to mean either of those things. There are steps leaders can take to help minimize the risk of these things happening, both to themselves and their companies.

Leaders will be Judged, but by What Standard?

Because statistics show that virtually all companies will eventually suffer…
