A spate of high-profile, high-impact cyber breaches at several of the largest financial institutions in the United States has brought attention to a point that cybersecurity professionals have long taken as an article of faith: boards of directors need to take an active role in the management of cyber risk. Yet, there are several factors that tend to prevent effective engagement in cybersecurity risk at the board level.
As stated in a recent issue of the FDIC's Supervisory Insights, the risks presented by cyber attacks have become "one of the most critical challenges [in the last decade] facing the financial services sector due to the frequency and increasing sophistication of cyber attacks." In just a year's time, from 2014 to 2015, security incidents increased 38 percent.
Healthcare providers hold a special place in today's society. Most people count healthcare among the most admirable of professions, and nearly everyone has to trust a healthcare professional with their life or the lives of loved ones at some point. Nine out of every 10 American adults see "doctor" as a prestigious profession, for example, with older generations in particular holding it in high regard.
Regardless of how many security controls are placed on a network and the components that go into making a network operate, there will always be vulnerabilities in a connected world. So, what do you do in an environment that allows for such risk of compromise?
The GDPR is applicable to almost every organization around the world that collects or processes data on residents domiciled within the European Union. This white paper offers practical advice on the key issues to consider in complying with the GDPR and will enable decision makers to prepare for this critical compliance obligation.
Phishing, spearphishing, CEO Fraud/Business Email Compromise (BEC) and ransomware represent a group of critical security threats that virtually every organization will encounter at some point - and most already have. This white paper addresses these critical security problems and offers 14 best practices for making organizations more secure.
Texting is simple, concise and compatible with virtually every mobile device, operating system and wireless carrier - making it extremely accessible when a government official or employee wants to communicate with staff or community members in a time-crunched world. But even though text is easy, reliable and intuitive - if it's used for official business communications, it can create tremendous risk.
State, federal, and local government agencies need to keep important records (including digital communications) for a long time to stay in compliance with public records, open meeting, Freedom of Information Act (FOIA), and various state sunshine laws. If an agency has email, social media, web and other digital communications related to business activities, those records must be available to anyone who asks for them.