Shielding assets from international disruptions and cyber-security breaches
At Bryant University's 32nd annual World Trade Day in late May, breakout sessions covered a variety of topics from corporate ethics in today's global economy to an update on U.S. import policies to connecting to the world through New England's global infrastructures.
One topic, however, has taken top headlines lately: protecting your company's and your client's data. Experts on campus took participants through some security issues.
Terrorism, natural disasters, and currency manipulations can fell an unprepared company, as can a cyber-attack. What’s a company to do?
PROTECT YOUR GLOBAL SUPPLY CHAIN INTEGRITY
“The weakest link in cyber-security is the human factor.”
Dan Andrea, Partner, Kahn, Litwin, Renza & Co.
To protect its global supply chain’s integrity, AON Global Risk Consulting Director James Pinzari says, a company must:
- develop, maintain, and update a broad-based business continuity plan that incorporates a risk and business analysis, a crisis management and communications strategy, and a disaster recovery component. Senior management support is essential.
The plan can’t be delegated down, insisted Pinzari, noting that some large-scale customers demand business continuity plans from their vendors. He recommends either the NFPA (National Fire Protection Association) 1600 or ISO (International Standards Organization) 22301 standards.
Stephen Ucci, “Cyber Security – is your company safe?” panelist and Counsel, Adler, Pollock & Sheehan, P.C., recommended:
- employee training;
- IT network security;
- cyber-insurance policies;
- and regulatory or contractual obligations.
If a breach occurs, Ucci said, know your obligations – under 47 state laws – addressing data breaches.
PROTECTING DATA REQUIRES COMPANY-WIDE APPROACH
Of the 40,000 cyber-attacks that occur daily, about 60 percent are made against small- to mid-sized companies, said panelist Dan Andrea, Partner, Kahn, Litwin, Renza & Co. “Another 60 percent of [companies] will be out of business within six months; it costs [about] $800,000 to recover from an attack.” Advance warnings about the “WannaCry” multinational virus went unheeded; protecting data demands a company-wide approach, said Andrea.
Opening virus-encrypted attachments and responding to phishing emails can destroy a company, warned Brandon Catalan, Managing Partner, Category 5 Consulting, LLC. He advised companies to:
- conduct a risk assessment;
- inventory all systems;
- patch holes in the IT network;
- accept all anti-virus updates;
- and train employees.