
Thought Leadership in Action

Category: SmartOffice Webinar

ACHIEVING CYBER-PREPAREDNESS: Talking Cybersecurity with FCI CEO Brian Edelman

A cybersecurity attack occurs once every 39 seconds on average. And every minute, more than 2,500 records are stolen, many from company databases just like yours.


New cybersecurity regulations from the New York Department of Financial Services (NYDFS) are part of a broad attempt to fight back against these cyber attacks. Regulators, authorities, clients and cybersecurity insurance providers now demand documented evidence and further proof that an organization is protecting its networks and data beyond industry best practices. Consequences and penalties for cybersecurity regulation violations are severe. They include the risk of fines and damaged reputation, on top of the direct losses that a breach can cause.

Brian Edelman, CEO of FCI, spoke with us about the vital role evidence plays in achieving cybersecurity compliance. “An antivirus [program] is what most people think cyber is,” Edelman says. “They don’t think about information security policies, procedures, standards, and training. They don’t think about it as an entire defense system and framework designed to protect against all cybersecurity threats, both internal and external.”

 

Establish a Proactive Paper Trail

Edelman says education is a key first step in protecting yourself and your business. 
“Know what regulations govern you and your organization and the deadlines associated under each regulation. And work with a cybersecurity expert to understand your risk profile and what constitutes a crime or a potential violation,” he says.

A foundation of knowledge allows you to prepare for regulatory requirements before, during and after a breach. Collecting this information, including receipts, is necessary when purchasing cybersecurity insurance and meeting regulatory demands. It is essential to have it ready at all times, in printed and electronic form.

Edelman laid out an unfortunate situation many companies face: “Imagine you’re in the middle of a breach, and you’re calling the insurance company. They say, ‘Well, did you have an incident response plan?’ And you’re saying, ‘Why are you asking me that now?’”

Authorities and insurers are going to demand evidence that you had a plan in place, prior to the breach, and followed that same plan before the incident. The less of a paper trail you have, the more risk and culpability fall on your shoulders.

 

Answer the ‘Next Question’

Cybersecurity processes should always look to the “next question” and the proof needed to answer it, before you face that question formally. The next question sometimes is about how to execute your plan, such as conducting periodic risk assessments or setting up a firewall.

“If I walked into your office and I said, ‘Do you have a written information security policy?’ and you say, ‘Yes, I do,’ what do you think my next question is? ‘Let me see it!’” Edelman says. “When do they ask you to prove it? They ask you at the time of the loss.”

Implementing policies can generate proof that you’re taking steps to protect your business, so document things like training and workshops. “The demand is no longer vague. It’s prescriptive and evidence,” Edelman says.

 

Build Your Cyber File

Becoming proactive on cybersecurity starts with documenting and executing your policies and procedures. Having documents ready and actively tracking requirements makes it easier for your team to find and share mission-critical data during a breach or a cybersecurity audit.

Here is a partial list of required cybersecurity documents to start with:

  • Written information security plan (WISP).
  • Your cybersecurity insurance policy.
  • Your incident-response plan (ISP).
  • Your vendors’ cybersecurity policies.
  • A list of contact numbers of cybersecurity experts on your team and for vendors, partners, insurers and regulators.
  • Employee and client education plans, including training records.

Organizing these physical documents in a secure file that is maintained on-site and outside your network can prove to regulators and insurers that you have taken the appropriate steps to protect private client data. “When you have made cyber competence and cyber culture part of your organization, it shows. Being proactive and taking the necessary steps to protect your clients and their private data is vital in today’s day and age,” Edelman says. “To me, the biggest nightmare out there is you and your company being accused of cyber negligence.”


 

EbixMarketing
