THE CYBERISK CHEK
Each Report is divided into three sections:
Detailed "by item" Analysis of Risk
“Snapshot of Cyber Preparedness”
Provides a review of the Overall Risk Impression Value, a detailed summary of the Average Total Risk Value and, lastly, your Cyber Preparedness Percentage Score, which determines your ability to withstand future Cyber Threats. This is the first step in your Cyber Security Implementation Program (CSIP).
Thirty-seven categories of integral risk avoidance topics are reviewed and weighted by associated risk level. The results are color-coded for ease of understanding and broken down by level of importance.
Three Prioritized Action Plans are provided based upon the data collected from the client’s question / answer session. Priorities are qualified as Extreme, High and Elevated, based upon the risk of security controls being compromised with the possibility of measurable losses.
Private client data can yield corporate secrets like upcoming mergers and transitions that are not yet public knowledge, as well as financial data that can be lucrative for hackers. Hackers will sometimes target the law firm of a company that stops or prevents their cyber-attack in order to get the information they want about that company, because law firms don’t usually have as much protection against cyber-attacks.
2015 was the first year that the legal sector appeared on Cisco’s annual ranking of industries targeted by hackers—debuting at number 6. Law firms’ clients are taking notice. Many financial institutions now require law firms to complete checklists and subject themselves to audits of their information security apparatus. Reports and surveys in recent years from various sources (Citigroup, Marsh USA, and even the ABA) have concluded that law firm cyber security efforts generally are less than adequate and have chided law firms for failing to publicly disclose security breaches.
Law firms have an ethical and professional duty to make all reasonable efforts to protect the information they hold. Remaining the weakest link in protecting their clients’ data is an unsustainable proposition. Not only does it expose firms to considerable liability, but it also threatens their ability to retain their clients and has a direct effect on their reputation and credibility.
Recent leaks setting the pace for 2017/2018 are: “Panama Papers – 11 Million documents”, “Cravath Swaine & Moore LLP – 03/2016” and “Weil Gotshal & Manges LLP”. It was also recently discovered that Russian cybercriminal “Oleras” targeted 48 of the USA’s most prestigious law firms to try to steal confidential client information for purposes of insider trading.
The expectation of privacy surrounding medical records and the links to patients’ financial records are just two reasons for hackers to target healthcare companies with cyber-attacks. Unfortunately, healthcare networks don’t tend to be as well-protected as financial ones have come to be, so they are easier to attack, even if less lucrative for hackers. The sheer volume of healthcare data breaches from 2016 supports this claim, with at least one breach having occurred every single day. This resulted in more than 27 million patient records being affected. Cyberisk Chek provides a clear and concise plan to ensure data security and to reduce exposure to threats.
The potential cost of cyber-attacks is too high for any organization to ignore. Yet many still rely on antivirus software or their IT department to root out attacks. It’s imperative that employees and the end users of association assets be trained to recognize suspicious activity and report it immediately. Understanding the core risk threats and beginning a plan to minimize and eliminate them is where Cyberisk Chek plays an important role. Protection of your systems directly affects the members of your association. Once you have begun, the goal would be to provide a value-added proposition to your members through the Cyberisk Chek analysis, to ensure they are also protecting their assets.
EMERGING RISK: BRING YOUR OWN DEVICE (BYOD) & CHOOSE YOUR OWN DEVICE (CYOD)
The Bring Your Own Device (BYOD) experience of the last several years, which has grown with the accelerated use of remote business operations and has been replete with incidents of data leakage, unauthorized access to company data and systems, and employees downloading unsafe apps and content, has left IT executives understandably uneasy about the security implications of continuing to let employees use their personal devices for work.
Moving to a Choose Your Own Device (CYOD) regime would mean that management can limit employee access to certain apps and even certain functions. And instead of burdening users with the responsibility to install anti-virus software, administrators would be able to take the lead in securing the devices and enforcing policy-based administrative controls and network settings in a more centralized fashion. But CYOD makes the corporation responsible for buying the devices as well as for providing ongoing security management. So, while a CYOD model may help increase security, the organization winds up paying the full tab and may be stuck with outdated technology in inventory.
In either case it is imperative to fully understand the cyber risks associated with both the device and the environment in which it will be operated.
Cyberisk Chek provides an easy and informative way to set the “ground rules” for both infrastructures.