Everyone Should be Thinking About Cybersecurity
Cybercrime is a threat to every single organization. No organization should think they are immune, uniquely situated, or too small to think about cybersecurity. Attacks can disable and cause serious harms that are costly, time-consuming, and stressful. Organizations should protect against various forms of cybercrime including:
- Data breaches are compromises of confidential data. They have many negative effects, require notification to government and affected parties, damage reputation, and more.
- Ransomware makes computer systems unusable. The organization is extorted to pay a hefty ransom to the cybercriminals with the hope of regaining access, along with other fallout.
- Theft of funds can be devastating. Large payments can be diverted and stolen. The funds may never be recovered, are not insured, and litigation and other issues may ensue.
In addition to counteracting threats, cybersecurity measures are required by evolving laws that impose duties upon organizations related to cybersecurity. Organizations need to:
- Be diligent and reasonable, not negligent or deficient.
- Protect the personal and private information they are entrusted with.
  - Including information belonging to customers, clients, patients, donors, and employees.
- Prevent, identify, and accurately report data breaches to government and affected parties.
- Comply with laws and regulations that impose specific cybersecurity requirements.
For example, New York’s recent SHIELD Act imposes a number of distinct obligations.
Many organizations have not started taking cybersecurity steps yet. Many have not reached the point where their security can be described as “reasonable” or “diligent”. John Bandler can help improve security, compliance, and efficiency.
Cybersecurity Review and Improvement
Every organization -- no matter where they are starting from -- should continually review and improve their cybersecurity posture. This includes evaluating the cybersecurity program, written documentation, practices, evolving legal requirements, and the many threats.
Consider this checklist
- Does your organization have the following written governance documents in place?
  - Cybersecurity policy
  - Incident response plan
- Do your organization's governance documents have these attributes?
  - Comply with external rules (laws/regulations)
  - Point to helpful guidance and additional resources
  - Well organized
  - Establish internal governance
  - Are reviewed periodically and updated as needed
  - Are understood and followed by all members of the organization
- Organization members are trained on the documents, cybersecurity, and cybercrime threats.
John can help in these ways:
Whether you are just getting started or you have some cybersecurity policies and procedures in place, John’s services can help your organization protect itself from cybercrime and comply with increasing legal requirements relating to cybersecurity and privacy. He has experience developing and improving programs and policies tailored for organizations of any size or type, drawing upon his extensive experience and knowledge. Aided by insight into what allows most cybercrimes to occur, he can help organizations prevent incidents and build a cybersecurity program that withstands scrutiny. Organizations will be empowered to better manage their information assets efficiently and securely.
John can help:
- If you do not have written documentation, evaluate whether you need it.
  - Spoiler alert - John will probably recommend that you need it. Unwritten, verbal "policies" are often not worth the paper they are not printed on.
- Create new documentation if needed.
- Review existing written documentation (policies, plans, procedures, etc.) to see what improvements might be warranted.
- Review your existing practices.
- Review your cybersecurity training.
- Help prevent a cybercrime or other incident.
- Help ensure compliance with cybersecurity requirements.
Contact John by email (email@example.com) or through the contact form. Include enough information about yourself, organization, and needs to ensure a response, but do not include confidential information.
There are many additional references on this site; you can start at the Articles page.
John Bandler has unique expertise that spans law, technology, business, cybersecurity, investigation of cybercrime, writing, training, and speaking. He is licensed to practice law in NY, CT, and DC, and holds many certifications in cybersecurity, technology, and more. He has been serving the private sector since 2015, is the author of two books and many articles, teaches at the law school, graduate, and undergraduate levels, and is an accomplished speaker. Previously John served the public as a prosecutor (where he investigated and prosecuted cybercrime among other offenses), state trooper, and military officer.
Posted June 2021. Updated 6/14/2021