Businesses have become more reliant on technology to operate, but it is still people and our desire to trade that create the exposures. Yesterday’s risks now manifest themselves very differently in today’s digitally connected world.
It sounds obvious, but maintaining up-to-date operating systems and installing patches does help. Automated software can assist in managing the patch cycle, but a regimented process certainly helps maintain operating system integrity.
An organisation with a clear, concise and tested incident response plan (IRP) will be able to take fast action to contain a breach and minimise the financial damage. It is also more likely to have a better response to legal requirements and potentially costly fines.
Network and data security is an enterprise-wide risk, not one that can be managed within the silo of the IT department. A CISO (or equivalent) should be responsible for data protection and have centralised responsibility for data management.
The CISO should lead and coordinate an enterprise’s response (General Counsel, Risk Management, PR/Marketing, Executive Management) to a cyber-attack. This person should be listed in the IRP.
With technologically empowered employees all accessing the network via a raft of mobile devices (smartphones, tablets, etc.), a data or privacy breach can occur simply from losing a mobile device. Ensuring the devices are encrypted means that even if a device is lost or stolen, the data cannot be used, which will mitigate the potential exposure.
A current and enforced network security policy should outline the organisational rules for appropriate use of an organisation’s computer resources, including enforcement procedures.
The policy should, among other things, discuss strong password protocols, website access and usage restrictions, as well as appropriate email usage.
Taking stock and knowing your company’s risk exposures is the first step towards improving cyber resilience. With cyber security vulnerabilities everywhere, knowing how you can improve your company’s defences and how to deal with the aftermath of an attack is more important than ever.
Read more about how Chubb can assist you in the preparation for and assistance after a cyber incident, or contact us to find out more.
This content is brought to you by Chubb Insurance Malaysia Berhad, Registration No. 197001000564 (9827-A) (“Chubb”) as a convenience to readers and is not intended to constitute advice or recommendations upon which a reader may rely. Any references to insurance cover are general in nature only and may not suit your particular circumstances. Chubb does not take into account your personal objectives, financial situation or needs and any insurance cover referred to is subject to the terms, conditions and exclusions set out in the relevant policy wording. Please obtain and read carefully the relevant insurance policy before deciding to acquire any insurance product. A policy wording can be obtained at www.chubb.com/my, through your broker or by contacting any of the Chubb offices or Chubb agents. Chubb makes no warranty or guarantee about the accuracy, completeness, or adequacy of this content. It is the responsibility of the reader to evaluate the quality and accuracy of material herein.