
Webinar Recap: Managing Your Cyber Security Risk
23 June 2015


Firewalls and antivirus software are essential to any cyber security program, but an effective program involves far more than that. Preventing a data breach in today’s fast-evolving, technology-based world requires a broader, more strategic approach that spans your entire organization.

To clarify what an effective cyber security approach looks like for businesses, we teamed up with the risk management and insurance company KMRD Partners to co-host a webinar, “Managing Your Cyber Security Risk.” During the webinar, we explained how organizations can strengthen their enterprise security and protect their sensitive data. If you missed it, let me walk you through the highlights — and give you an opportunity to watch and listen to the hour-long replay.

Three pillars of cyber security
The overall theme of the webinar was that organizations of all sizes and industries can significantly improve their protection of data by focusing on three pillars of cyber security: technology, people, and policies. What often happens, however, is that organizations home in on technology but overlook the other key areas — people and policies. This, in turn, creates vulnerabilities.

To approach cyber security the right way, organizations need to prioritize all three pillars — and develop and implement a cyber security program that’s fully integrated across their enterprise.

What does an integrated program look like? It differs from the way many organizations address security vulnerabilities — essentially, by working in silos. A cyber security program that’s fully integrated across your company addresses operational aspects, such as policies and procedures that clarify the roles and responsibilities of the people within your company, as well as technical components, such as malware detection software, firewalls, and so on. It is important to note, and this part often gets overlooked, that the technical components need to interface seamlessly with your overall approach. This alignment is what makes the program truly integrated.

Key takeaways
During the webinar, we discussed some real-life examples of what can happen when organizations take a narrow, one-dimensional approach to cyber security. Here are some of the key takeaways:

  1. As I’ve said, organizations need to take an integrated approach to cyber security that addresses technology, people, and policies in a unified, strategic way.
  2. Assessments and audits are a critical first step to identifying the risks and vulnerabilities unique to an organization. Done well, assessments serve as essential input to your enterprise’s security roadmap.
  3. Strengthening an organization’s enterprise security does not have to be expensive. Parts of your cyber security program can be phased to accommodate your organization, budget, resource availability, and risk profile. In this sense, your program can (and should) scale up as you grow over time.
  4. Don’t assume that losses resulting from data breaches and cyber security attacks are covered in your insurance policies (including general liability, property and casualty, and errors and omissions policies). Cyber insurance is a key component of your organization’s overall security strategy, so talk to your insurance agent and obtain coverage right away.

Cyber insurance savings
In the webinar, we also discussed a unique program offered by Comprehensive Applied Security Solutions (COMPASS) and KMRD Partners. Here’s how it works: If your company signs up for a cyber security assessment, it can receive a 20 percent discount on a cyber insurance policy.

For details on the discount and to learn more about creating an effective, integrated cyber security program, watch the webinar replay and reach out to COMPASS.
