No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
    • Upcoming
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Featured

5 Ways to Bolster Cyber Safety and Minimize Risk

What Every Company Should Know About Cybersecurity

by Robert Munnelly
July 11, 2019
in Featured, Risk
lock on circuit board cast in orange light

Cyber threats are simply a business reality in the modern age, but with the right knowledge and tools, we can protect our businesses, employees and customers. Davis Malm’s Robert Munnelly outlines five actions companies can take to maximize long-term cyber safety.

Decades of experience in the age of broadband and security breaches has taught us important lessons about the steps companies should take to protect themselves, employees and customers from cybersecurity threats. Every company should make an effort to adopt specific action items so as to maximize opportunities for long-term cyber safety in this increasingly interconnected world.

Following are five actions companies must take to prepare.

1. Respect and Plan for Cybersecurity Threats

Cyber thieves can target any person or business, and all companies should undertake planning to address potential threats. Security breaches have harmed companies of all sizes and in all industry segments. Companies should not wait to experience a threat before commencing planning and implementation efforts: A breach, ransomware demand, wire transfer redirected to an offshore account, company sale terms negotiated downward because buyer due diligence uncovered a breach history or lack of reasonable security protection can all be avoided with appropriate planning and coordination.

2. A Written Information Security Plan (WISP) is Essential

A WISP that reflects a company-specific, risk-based assessment of legally protected data and associated risks of loss is critical for good cyber health, even where not required by applicable state laws (such as in Massachusetts or Rhode Island) or federal laws (such as for HIPAA/HITECH health information or Gramm-Leach-Bliley financial information).  At a minimum, the WISP should address:

  • the scope of the plan (both geographic and included or excluded affiliates);
  • persons responsible for implementing and updating WISP provisions;
  • user passwords and access controls;
  • threat protection and intrusion protection software and hardware;
  • encryption of laptops holding sensitive data, data traveling over broadband and, increasingly, data at rest in the company network;
  • physical security (such as front door security and locked doors and cabinets);
  • periodic security and penetration testing;
  • contractual protections applicable to vendors holding company protected data;
  • annual employee security training;
  • a mandatory post-breach review process; and
  • an annual WISP update process.

If you have a WISP that does not address all of these elements, take steps to upgrade it.

3. Implement Additional Data-Related Plans and Policies

The WISP should not be your company’s only data-related policy. Other important policies include:

Incident Response Plan (IRP) – Having a written plan for responding to breaches enables decisive action and can minimize potential breach-related costs and business harms. Sound IRPs include internal company response team members (including WISP responsible persons, a member of top management, in-house legal, IT and HR executives), external team members (including breach legal counsel, outside public relations, computer forensics and insurance brokers), key breach response action items (documenting breach discovery and timing, isolating infected equipment, retaining forensics professionals, using counsel to interview persons involved in breach issues, communicating to employees about the importance of avoiding unfounded speculation as to breach causes, identifying data-related insurance policies and sending policy notices and meeting state/federal breach notice requirements); and, for larger companies, war-gaming breach scenarios.

Emergency Response/Data Recovery Plan – Companies should plan for responding to data loss or unavailability due to fires or natural disasters, serious breaches or computer ransomware attacks and ensure that network recovery occurs as quickly as practicable. Companies should also have off-site data backup arrangements sized to the extent and importance of its data needs in order to minimize outage-based business losses.

Website Terms of Use/Privacy Policies – Companies need terms of use (also referred to as terms and conditions) that expressly identify and proscribe avenues for website misuse and disclaim possible grounds for company liability from users. Terms of use are typically developed with or linked to privacy policies that disclose what the company is doing with all forms of user data received by the website. These policies have gained increasing importance in light of the new European General Data Protection Regulation (GDPR) – largely echoed in California rules that will take effect next year – that data holders must obtain express informed consent for all of the company’s present and future uses of customer/user data, as careful disclosures coupled with “I consent” boxes are likely needed to evidence GDPR compliance.

Other Data-Related Policies – Businesses must also develop a variety of other data policies required by other applicable laws or rules, such as HIPAA/HITECH business associate agreements, GDPR-required standard contract clauses codifying minimum required data safeguards, mobile “app” terms and conditions and the like.

4. Data-Intensive Companies Should Consider Cyber Insurance

Companies with retail business lines or significant potential data loss exposure should investigate cyber-specific insurance policies in addition to other insurance. Companies should carefully investigate coverages that are suitable to the business – including whether the policy covers only the company’s own costs or whether it protects against claims brought by affected consumers and other parties – and the nature of costs covered (e.g., breach-related forensics, legal fees, mailing, call center and fees for breach notices and credit freeze offerings to consumers).

5. Plan for Annual Data Security Reviews and Improvements

As cyber threats have rapidly expanded and evolved, your company’s WISP, data policies, employee training practices, threat protection hardware and software and insurance should evolve and change as well.  Annual reviews of WISPs and related policies, as well as regular investments in security audits, penetration tests or both can identify critical holes to be addressed. In particular, security audits typically provide prioritized recommendations for immediate, medium-term and long-term action items than can help guide company budgets.

Cyber threats are one of the many realities of doing business today. Knowing the risks and putting plans in place will help companies avoid these cyberattacks or, in the unfortunate event of a breach, will prepare you to respond properly and minimize the damage to your customers, employees and business.


Tags: Data BreachGDPRHIPAARansomware
Previous Post

In an Age of Increasing M&A Activity, Data Maintenance is Key to Ensuring Compliance

Next Post

Risky Women Radio

Robert Munnelly

Robert Munnelly

Robert J. Munnelly, Jr. practices in the regulatory area at Davis Malm. His data security and information privacy practice focuses on advising and working with companies to develop written plans, improve security-related policies, support compliance training and respond to potential security breaches. He also has extensive experience with legal and regulatory issues faced by energy, cable television and telecommunications companies in New England and nationally.

Related Posts

new york and us flags

New York Tightens the Breach Clock: 30 Days to Notify

by Melissa Crespo and Reiley Porter
May 12, 2025

State joins growing national trend toward broader personal information definitions and stricter notification timelines for data compromises

virginia state flag

Are You Ready for Virginia’s Sweeping Reproductive Health Privacy Law?

by Meghan O’Connor
April 29, 2025

Broadly defined ‘reproductive and sexual health information’ may affect any company doing business in the state

origami tiger

Paper Tigers Won’t Protect You: The Reality of Effective NIS2 Compliance

by Hans Kayaert
March 24, 2025

Why Belgium's early adoption model could prevent another round of ‘compliance theater’ across Europe

examining data on laptop screen

Privacy Rights Surge Forces Rethink of Data Management

by Gal Ringel
March 14, 2025

As global privacy regulations multiply, organizations face mounting pressure to efficiently respond to data subject requests amid complex data environments

Next Post
Risky Women Radio logo for podcast

Risky Women Radio

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
    • Upcoming
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights