Cyber Liability Risk Management 101
All companies should develop and maintain clear and robust policies for safeguarding critical business data and sensitive information, protecting their reputations and discouraging inappropriate behaviour by employees.
Some companies already have these types of policies in place, but they may need to be tailored or updated to reflect the increasing impact of cyber liability risk on everyday transactions, both professional and personal. As with any other business document, cyber liability security policies should follow good design and governance practices—not so long that they become unusable, not so vague that they become meaningless, and reviewed regularly to ensure that they stay pertinent as your business’ needs change.
There are many things that can be done to limit the potential damages associated with cyber liability within your organization. ALIGNED has 5 recommendations that we share with our clients to help better protect them from the very real and increasing risk from cyber liability. We’ve shared 1 of our 5 suggestions below.
#1 Establish Security Roles & Responsibilities
One of the most effective and least expensive means of preventing serious cyber security incidents is to establish a policy that clearly defines the separation of roles and responsibilities with regard to systems and the information they contain. Many systems are designed to provide for strong role-based access control (RBAC), but this tool is of little use without well-defined procedures and policies to govern the assignment of roles and their associated constraints. At a minimum, such policies need to clearly identify company data ownership and employee roles for security oversight and their inherent privileges, including:
- Necessary roles, and the privileges and constraints accorded to those roles
- The types of employees who should be allowed to assume the various roles
- How long an employee may hold a role before access rights must be reviewed
- If employees may hold multiple roles, the conditions defining when to adopt one role over another
Depending on the types of data regularly handled by your business, it may also make sense to create separate policies governing who is responsible for certain types of data. For example, a business that handles large volumes of personal information from its customers may benefit from identifying a chief steward for customers’ privacy information. The steward could serve not only as a subject matter expert on all matters of privacy, but also as the champion for process and technical improvements to handling of personally identifiable information (PII).
ALIGNED Across Canada
100% Canadian owned, ALIGNED is a premiere insurance brokerage that serves more than 1,400 clients across the country. ALIGNED’s offices in Toronto, Calgary and Vancouver are supported by a national operations centre in Cambridge, Ontario. Uniquely within the industry, ALIGNED creates, negotiates and delivers the best business insurance and risk management strategies/solutions to organizations like yours.