Improve Your Cybersecurity Plan
Cybersecurity review and improvement is essential for all organizations. Build and improve your cybersecurity program now. Cybercrime is a threat to every organization; attacks can be disabling and costly. Legal requirements exist now. Good cybersecurity is a part of good management, which helps organizations achieve their primary missions.
Organizations should protect against various forms of cybercrime including:
- Data breaches – compromise of confidential data. They have many negative effects, require notification to government and affected parties, damage reputation, and more.
- Ransomware – locks computer systems, making them unusable. The organization is extorted to pay a significant ransom to the cybercriminals to try to regain access to systems and data. Business disruption and reputational harm follow.
- Theft of funds – creating fiscal devastation. Large payments can be diverted and stolen. The funds may never be recovered, are not insured, and litigation and other disruption ensue.
Organizations should comply with legal requirements.
- Be diligent and reasonable in plan and practice (not negligent or deficient).
- Protect the personal and private information they are entrusted with.
  - Including information belonging to customers, clients, patients, donors, and employees.
- Prevent, identify, and accurately report data breaches to government and affected parties.
- Comply with laws and regulations that impose specific cybersecurity requirements.
For example, New York’s recent SHIELD Act imposes a number of distinct obligations. Your state does too.
Organizations should manage information assets effectively to further the mission and business needs.
Many organizations have no cybersecurity plan. Many have not reached the point where their security can be described as “reasonable” or “diligent”. We can help improve your organization's security, compliance, and efficiency.
Cybersecurity Review and Improvement
Every organization -- no matter their starting point -- should continually review and improve their cybersecurity plan and posture. This means evaluating the cybersecurity program, written documentation, practices, evolving legal requirements, and the many threats.
Consider this checklist
- Does your organization have a plan in place? Consider the following plans and written governance documents:
  - Cybersecurity policy
  - Incident response plan
- Are your plans (governance documents) excellent, or is there room for improvement? They should:
  - Help the organization achieve its mission
  - Comply with external rules (laws/regulations)
  - Draw from and point to helpful guidance and additional resources
  - Establish internal governance
  - Be readable, practical, and well-organized
  - Be reviewed periodically and updated as needed
  - Be understood and followed by all members of the organization
- Consider my Five Components for Policy Work.
- Are all organization members trained on the documents, cybersecurity, and cybercrime threats?
- Is your organization following the plan and properly protecting itself and the data it is entrusted with?
We can help in many ways
Whether you are just getting started or already have some cybersecurity policies and procedures in place, our services can help your organization protect itself from cybercrime and comply with increasing legal requirements relating to cybersecurity and privacy. We have experience developing and improving programs and policies tailored for organizations of any size or type. Aided by insight into what allows most cybercrimes to occur, we can help organizations prevent incidents and build a cybersecurity program that withstands scrutiny. Organizations are empowered to better manage their information assets efficiently and securely.
Review and improve
- Existing written documentation
- Existing practices
- Existing training and knowledge
- Legal requirements
- Written policies, standards, and procedures
- Unwritten, verbal "policies" may not be worth the paper they are not printed on.
- Create new documentation if needed
- Help prevent a cybercrime or other incident
- Help ensure compliance with cybersecurity requirements
- Written policies, standards, and procedures
- Implement and train
Take a step to improve now
No one plans to fail, but organizations sometimes fail to plan.
Get your cybersecurity plan in place, and then continually improve it.
John Bandler has unique expertise that spans law, technology, business, cybersecurity, investigation of cybercrime, writing, training, and speaking. He is licensed to practice law in NY, CT, and DC, and holds many certifications in cybersecurity, technology, and more. He is the author of two books and many articles, teaches at the law school, graduate, and undergraduate levels, and is an accomplished speaker. Previously John served the public as a prosecutor (where he investigated and prosecuted cybercrime among other offenses), state trooper, and military officer.
For more information about improving your organization, cybersecurity, and cybercrime, see:
- I offer a variety of Services
- Learn about my Five Components for Policy Work
- Get an Introduction to Cybersecurity
- See a single page Cybersecurity Tips from John Bandler
- Read about Cybersecurity Laws and Regulations Part 1 (general legal overview)
- See The Three Priority Cybercrime Threats
- Not every organization can afford to hire an expert yet. I have abundant resources on this site, including the above and:
This article is hosted at https://johnbandler.com/cybersecurity-review-improvement, copyright John Bandler, all rights reserved.
Posted June 2021. Updated 11/02/2022