Let Us Help You Build a Cybersecurity Plan
Everyone Should be Thinking About Cybersecurity
Cybercrime is a threat to every single organization. No one should think they are immune, uniquely situated, or too small to evaluate and improve their cybersecurity. Attacks can disable operations and cause serious harms that are costly, time-consuming, and stressful. Organizations should protect against various forms of cybercrime including:
- Data breaches – compromise of confidential data. They have many negative effects, require notification to government and affected parties, damage reputation, and more.
- Ransomware – locks computer systems, making them unusable. The organization is extorted to pay a significant ransom to the cybercriminals to try to regain access to systems and data. Business disruption and reputational harm follow.
- Theft of funds – creating fiscal devastation. Large payments can be diverted and stolen. The funds may never be recovered and are not insured, and litigation and other disruption ensue.
Evolving laws impose duties upon organizations related to cybersecurity. Organizations need to:
- Be diligent and reasonable in plan and practice (not negligent or deficient).
- Protect the personal and private information they are entrusted with.
  - Including information belonging to customers, clients, patients, donors, and employees.
- Prevent, identify, and accurately report data breaches to government and affected parties.
- Comply with laws and regulations that impose specific cybersecurity requirements.
For example, New York’s recent SHIELD Act imposes a number of distinct obligations. Your state does too.
Many organizations have no cybersecurity plan. Many have not reached the point where their security can be described as “reasonable” or “diligent”. John Bandler can help improve your organization's security, compliance, and efficiency.
Cybersecurity Review and Improvement
Every organization -- no matter their starting point -- should continually review and improve their cybersecurity plan and posture. This means evaluating the cybersecurity program, written documentation, practices, evolving legal requirements, and the many threats.
Consider this checklist
- Does your organization have a plan in place? Consider the following plans and written governance documents:
  - Cybersecurity policy
  - Incident response plan
- Are your plans (governance documents) sufficient or is there room for improvement? They should:
  - Comply with external rules (laws/regulations)
  - Point to helpful guidance and additional resources
  - Establish internal governance
  - Be readable, practical, and well-organized
  - Be reviewed periodically and updated as needed
  - Be understood and followed by all members of the organization
- Are all organization members trained on the documents, cybersecurity, and cybercrime threats?
- Is your organization following the plan and properly protecting itself and the data it is entrusted with?
We can help in these ways:
Whether you are just getting started or already have some cybersecurity policies and procedures in place, our services can help your organization protect itself from cybercrime and comply with increasing legal requirements relating to cybersecurity and privacy. We have experience developing and improving programs and policies tailored for organizations of any size or type, drawing upon extensive experience and knowledge. Aided by insight into what allows most cybercrimes to occur, we can help organizations prevent incidents and build a cybersecurity program that withstands scrutiny. Organizations are empowered to better manage their information assets efficiently and securely.
- If you do not have written documentation, evaluate whether you need it.
  - Spoiler alert - We will probably recommend that you need it. Unwritten, verbal "policies" are often not worth the paper they are not printed on.
- Create new documentation if needed.
- Review existing written documentation (policies, plans, procedures, etc.) to see what improvements might be warranted.
- Review existing practices.
- Review cybersecurity training.
- Help prevent a cybercrime or other incident.
- Help ensure compliance with cybersecurity requirements.
No one plans to fail, but often we simply fail to plan. Get your cybersecurity plan in place, and then continually improve it.
Contact us by email (firstname.lastname@example.org) or through the contact form. Provide enough information about yourself, organization, and needs to ensure a response, but do not include confidential information.
John Bandler has unique expertise that spans law, technology, business, cybersecurity, investigation of cybercrime, writing, training, and speaking. He is licensed to practice law in NY, CT, and DC, and holds many certifications in cybersecurity, technology, and more. He has been serving the private sector since 2015, is the author of two books and many articles, teaches at the law school, graduate, and undergraduate levels, and is an accomplished speaker. Previously John served the public as a prosecutor (where he investigated and prosecuted cybercrime among other offenses), state trooper, and military officer.
For more information about improving your organization, cybersecurity, and cybercrime, see:
- Policies, Procedures, and Governance of an Organization
- Cybersecurity Laws and Regulations Part 1 (general legal overview)
- Cybersecurity Tips from John Bandler (single page tip sheet)
- Cybercrime Frauds Involving Email and Funds Transfers (Email based funds transfer frauds, like business email compromise (BEC) and CEO fraud)
- Data Breaches
- Free Starter Cybersecurity Policy
- Checklist for reviewing your governance documents
- the Articles page
This article is hosted at https://johnbandler.com/cybersecurity-review-improvement, copyright John Bandler, all rights reserved.
Posted June 2021. Updated 11/20/2021