Insights
Bringing our best ideas and thinking to you.
Blog Post
July 28, 2017
Share this page:
Keep your data safe!
By John Desborough
Companies extorted by the recent ransomware breaches lost productivity and, in hospitals, patient lives were potentially at risk.
The failure to take basic steps to protect your organization's information environment not only places your data at risk, but also puts you at risk for the corresponding loss of public confidence and business. It may also place your organization at the risk of litigation and substantial liability.
Courts are busy with examples of companies who knew about the vulnerability of their systems but yet did nothing to put reasonable precautions in place to prevent or minimize the probability of a breach. We are seeing that companies have to defend themselves against multiple class action suits alleging harm to shareholders, business partners and the public. Executives and board members are being sued personally for breach of duty of loyalty, care and good faith by failing to implement and enforce effective internal controls and procedures with respect to data security.
This is NOT a 'one and done' scenario. It is crucial to periodically:
- Make sure software is updated and security patches deployed
- Use real-time anti-virus and anti- malware software
- Back up key data in multiple locations, including offline
- Train employees to recognize phishing emails and other social engineer tactics
- Establish a central organizational reporting email address where end-users can report phishing attempts to Security
- Develop and implement an Incident Response plan for identifying, containing, eradicating and recovering from cyber security incidents
These recent hack attacks, including "WannaCry", are a reminder - a serious reminder - to get your cyber security up to date, NOW!
--
John Desborough is a Director, Consulting and Technology Solutions at MNP. He is an accomplished business solutions program manager and business transformation architect with 30+ years in the information and technology consulting domain. John has extensive background in information management and governance with both public and private sector clients on a global scale. Drop John a line to discuss this topic in more detail: [email protected]