Recently, the Securities and Exchange Commission (SEC) published a guidance update outlining strategies that businesses should adopt to defend against and mitigate cyber security threats. Financial breaches get top priority on news sites when they happen, and the news spreads fast.
In response to these concerning attacks, the SEC highlighted specific actions businesses should take to protect their sensitive information. Today, we’re sharing those guidelines. (And don’t forget, Oram can help you and your business overcome cyber security hurdles.)
First, plan to schedule regular assessments. Ask yourself some questions. What information do you store and, specifically, what sensitive information does your business keep a record of? What technology systems do you use to collect, process and store this information? What external and internal vulnerabilities might you have from those systems? What security controls and processes are currently in place? If a breach occurs, what might the impact be?
An effective assessment in which you ask and address these questions, done at regular intervals, will help your business plan for and mitigate risk. Then, you can define your cyber security strategy. In order to prevent, detect and respond well to cyber attacks, you’ll want to create a plan for how your business will handle threats.
A well-thought-out plan should include some of these elements:
- Set up user credentials, authorization methods, firewalls, tiered access to information and networks, and a checklist for systems hardening
- Encrypt sensitive data
- Define rules and procedures within your company for the use of removable storage media and software deployment
- Set up technology to monitor for intrusions and unusual events
- Create and implement a plan for data backup and retrieval
- Define a specific incident response plan
Next, you’ll want to implement your strategy. Cyber attackers don’t procrastinate, and you shouldn’t either. Put the plan into action by training employees and officers, setting up written policies and procedures, and educating your investors and clients about how they can reduce their own exposure to cyber security threats.
Based on your business’s industry, regulations, and operations, your cyber security strategy needs to be tailored specifically to your areas of risk. You can be best prepared by following these SEC guidelines, which will help prevent threats and mitigate the impact in the event of an attack. In addition, your business will be in compliance with federal securities laws.