Most likely, you’re already familiar with various forms of security breaches, such as hacking, phishing, viruses, spyware, worms, rootkits, and more. We’ve also talked about how to protect yourself from such malware.
But when it comes to IT security (which includes protecting yourself against personal Identity Theft), the most important question is “What is the downside risk of experiencing a Security Breach?”
Security breaches can have an effect at many levels, from a mere annoyance all the way through taking down your entire company and losing confidential data, data that may belong to you or, worse yet, to others. In addition, a breach can bring on lawsuits from other companies and individuals, as well as from Regulatory Agencies. That’s right. No one is immune. That’s why Risk Assessment is such an important tool.
The news media is littered with headlines about security breaches such as the LinkedIn hack that we reported to you only weeks ago. One user is already suing LinkedIn for $5M. And that’s just one user – imagine if they are successful and a Class Action lawsuit develops from there? How about Sony’s PlayStation Hack? Or Massachusetts Hospital, Aetna, TD Ameritrade, Heartland Data, Verisign, University of Hawaii…the list goes on and on, including small companies you probably never heard of.
You may think, “what’s this got to do with me? I’m just a small fry, not a big corporation like them.” Unfortunately, way too much. There are two main differences between big corporations and your small company:
First, large corporations have probably paid great attention to security and made all reasonable efforts to protect themselves. This goes a long way toward showing “they did the right thing”. But doing nothing (or playing “ostrich”) is often deemed negligence, and makes you much more vulnerable to damages. Many years ago, “I didn’t know” may have gotten you into less trouble, but today, everyone is expected to “know better” and take the proper precautions.
Second, most large companies can afford the multi-million dollar settlements and/or fines levied, and will likely recover their reputation. But could your company survive paying a large award or fine or the loss of reputation? A 3rd party review is a small price to pay considering the damage a security breach can do to your firm.
We firmly believe the old adage that an ounce of prevention is worth a pound of cure. Or in this case, a few thousand dollars of 3rd party audit is worth millions in damages. A recent example of how a small company protected itself can be found on our website [http://www.theciosource.com/cio_cs_bcp.html]. Remember, the person/department/company that maintains your security should not be the one to audit it. And please, Don’t confuse Good Luck with Good Planning™