With data breaches and business interruptions stemming from cyber-attacks now a significant worry for companies, there’s one thing they can do to fight back: know their data.
Travelers and cyber security software firm Symantec note in a new report that if you know your data, systems and network intimately, that awareness can help boost resistance to future cyber risks.
“Know what (and where) data are being created, collected and stored; maintain an accurate inventory of computer systems and software; and understand your network infrastructure,” the report said. “This will enable you to better identify and prioritize appropriate security controls, patch and maintain existing systems and software, and respond more effectively when an incident occurs.”
The cyber security tip is part of a larger Travelers/Symantec report called “Building Resilience to Cyber Risk,” a write-up that notes that “cyber risk has emerged as one of the most important risks facing businesses in the 21st century.” Beyond better cyber security, the report recommends a number of actions that can help boost cyber resilience. Beyond knowing your data, those recommendations are:
- Focus your cyber security efforts. Travelers/Symantec say that knowing their data allows companies to focus on either launching or improving the security controls that will be most effective. This process involves identifying the most important things to protect and assessing vulnerabilities. Also important to figure out: what are the most likely threat scenarios? Mastering these details can help meet those threats and minimize future risks, the report said.
- Educate your employees. The report recommends giving employees a “comprehensive training program” that helps empower staff to recognize cyber threats and notify company IT folks when they happen. Such a program should emphasize how important cyber security is to the organization’s bottom line, encourage the reporting of suspicious activity and also teach basic info such as how to protect laptops, mobile devices and digital storage media. The recent RIMS 2017 conference in Philadelphia underscored this idea with a session that urged insurers to treat cyber as a risk management issue.
- Plan for incident response. The report urges businesses and organizations to actually plan for a data breach or cyber-attack, because the lack of such a plan can increase the chance of stumbles if and when a breach hits. This, in turn, can damage a business or organization. An incident response plan needs to offer guidelines for action, such as procedures and policies on issues such as identifying lines of authority and internal reporting obligations, Travelers/Symantec said. Once that plan is in place, test it regularly to address any issues that could come up.
- Insure against residual risk. Carriers are trying to find ways to develop viable cyber insurance to address this fast-evolving risk. But even as that risk is in flux, the report said companies and businesses need to insure against cyber-attacks once they understand their systems, data and exposures.