Join us for the third installment of our series, 5 Most Common Pre-Breach Mistakes Organizations Make with Cyber Security. Last time we talked about Mistake Two: Poor Use of Outside Assessors. Today we’re discussing the third mistake: talking up your cyber security without putting those talking points into action.
Third Mistake: Touting Information Security
“Time and again what hangs somebody up is a claim that is based not on alleged bad security, but on alleged deceptive statements about security.”
There is always a before, and an after. Sometimes, in the world of cybersecurity, it can feel a little more like ‘before and aftermath’ as organizations deal with fallout from a cyber breach. While hindsight is 20/20, it can be difficult to imagine the extent of an attack before it happens. Organizations can help keep themselves clear of cyber attacks by being proactive about information security, though there is no such thing as perfect security.
Liability is something brought up after the fact for most attacks. Liability is not just what an organization did or did not do; it also stems from what an organization says it has done or will do with its information security. Where this comes into play for most organizations is saying one thing about security practices on their website while in reality doing something else. Not only is this problematic for legal reasons, it can have resounding negative impacts on consumer/client relationships.
For example, if an organization states it upholds certain data regulations, there could be trouble after a security breach if it comes to light that the stated way of data handling and the actual way of data handling differ, especially when that difference creates the breach in the first place. This is the ultimate function of GDPR and other regulations – to keep information as secure as possible. Hackers, malware, ransomware, and more are all just a stray mouse click away for any organization without an online and data security plan.
To avoid this situation, always clear online and printed verbiage with the appropriate departments. Talk to all the departments involved and make sure that data handling practices are both stated and followed. The sheer number of factors an organization must secure nowadays is growing. Cloud storage, remote working, and access issues abound for organizations today, and these will continue to compound in the near future. Working with an outside assessor like Idenhaus to get your organization’s security baseline can greatly help keep your data safe, and your organization working like it should.