On this Data Privacy Day, it’s time to speak to those on corporate boards, because there’s an opportunity to make 2023 the year of building cybersecurity culture – starting at the highest level.

Today, when it comes to an organization’s cybersecurity strategy, the question is not IF a breach will occur, but WHEN. Cybercriminals are becoming more sophisticated and the frequency of attacks is increasing. Staying on top of every threat is like trying to ice skate uphill. And with the average cost of a data breach expected to reach 5 million dollars in 2023, it is essential to prioritize your security strategy to protect your most sensitive data.

With the increase in the number, frequency and sophistication of threats, it is important for organizations to establish a security-focused culture, where employees at all levels feel empowered and responsible for not only protecting sensitive data, but also strengthening the resilience of the company. However, organizations often turn their attention to employee safety training and forget to bring in those at the top. As boards become more aware of privacy and data protection, they are increasingly interested in participating in the governance of both.

Here are five helpful steps board and C-suite members can take now to build their cybersecurity expertise in 2023 and beyond.

  1. Add a cybersecurity expert to the board. This will help foster a culture of cybersecurity and make data governance and security a priority at the highest level of the organization. Visibility is key to building trust by helping people understand how data privacy, data security, and compliance are maintained behind the scenes. This also applies to the board of directors. Having clear and well-understood policies and solutions can drive investment and buy-in. In fact, the United States Securities and Exchange Commission recently proposed a new rule that mandates cybersecurity experience at the board level, as well as regular reporting among its recommendations. And it is not just regulators pushing for more of this board-level knowledge – MIT recently launched a course to teach board members security tactics.
  2. Create a cybersecurity committee in which qualified members of the board of directors can participate by advising on and mitigating risks. The creation of this committee opens the door to more resources and support, as the CISO and his team have the opportunity to build allies and champions within the board, the C-suite and across the organization.
  3. Perform a cost-benefit analysis on cybersecurity insurance. While cybersecurity insurance can be an effective part of an organization’s overall security strategy, it’s expensive and usually doesn’t cover everything. Cybersecurity insurance is a tool in a company’s security toolbox to recover losses resulting from unforeseen incidents – it is not meant to substitute for risk management. An insurance payment may cover the cost of a breach, but it will not cover damage to reputation and trust. Every business is different and so are their security needs, so it’s important to assess all factors and decide if it meets your business needs.
  4. Learn about the distinct differences between data privacy and data security. These terms are often treated as interchangeable; however, although they are related, they are fundamentally different. Data privacy focuses on how personal data is collected, used and shared. Data privacy laws and regulations may vary from region to region, each with varying degrees of stringency and enforcement. Conversely, data security focuses on how sensitive data is protected against external and internal threats. From a compliance perspective, taking ownership of data security means being responsible for adhering to applicable data privacy regulations, such as the EU GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act), to name a few. If an organization gets its data security framework right, it can ensure data privacy for its customers. If not, that’s a problem. Of all the information available, a person’s identity is the most coveted piece of data, and when it’s mishandled, that’s where the opportunity for fraudsters arises.
  5. For user authentication, it’s time to adopt some friction. For years, experts have touted the need to eliminate friction (or passive authentication) in the identity verification experience of consumers, employees, and citizens. However, when friction is completely removed, that’s often when a breach occurs, especially when that friction is reduced by workarounds rather than complexity reduction. There’s a notion floating around among experts that some level of friction can serve to build trust – if people have no barriers to accessing apps and services, they start to wonder whether or not there are security measures in place. This tells us that organizations need to strike the right balance between minimizing friction and maintaining customer confidence in an organization or government’s ability to protect their personal data. When systems are secure, employees are activated, partners are confident and customers feel safe doing business with the organization, then you know you have a formula that works.

Board involvement in an organization’s data privacy and security governance can only lead to a better security posture and help mitigate risk. So go ahead and look for opportunities to engage with your organization’s CISO to see how you can help keep sensitive data secure.

Want to know how Entrust can help you with your organization’s cybersecurity strategy? Visit our website: https://www.entrust.com/identities-payments-data-protection

The post Data Privacy Day is a time to build your board-level cybersecurity expertise appeared first on the Entrust Blog.

*** This is a Security Bloggers Network syndicated blog from the Entrust Blog, written by Mark Ruchie. Read the original post at: https://www.entrust.com/blog/2023/01/data-privacy-day-is-the-time-to-ramp-up-your-board-level-cybersecurity-expertise/
