There was a time that this would have been laughable. As a bank customer you could understand that some machine was out of sync and documents where mismatched with envelopes. In fact, in the “old” days when you actually received your canceled checks back with your monthly statement I remember receiving someone else’s canceled checks. I contacted the bank and they were able to straighten out the mix-up. It was not something we worried much about, back-then.
Today’s world is much different. Data breaches are linked to identity theft. Identity thefts create so many challenges for the victims. Bad credit scores, denied loans, governmental actions and of course, lots of aggravation for the victim and what seems like little penalty for the culprit, if they are ever captured.
The only party the government seems to be able to touch effectively is the original holder of the information, in this case the bank. The regulators have their calculators lined up, charging fees and fines. In a post breach situation, the offending organization is at the mercy of the regulators and courts. In some cases there really is some negligence and the penalties are justified. Sometimes these organizations become scapegoats for the industry.
Whenever an organization finds itself in a post breach situation it is like a roller coaster ride. You just have to ride it out and pay whatever you have to make the problem go away and identify and remediate the vulnerability.
What a difference it makes in a pre breach situation. You have the time to do audit and analysis, testing and documentation. Parts in a well organized Written Information Security Program (WISP) plan. Of course, there is more to a WISP plan than a technology audit. WISP plans ensure that all aspects of information technology infrastructure, human resources, legal, and insurance issues are addressed. The depth and expense of a WISP plan is tied to the complexity of the operation it is designed to protect.
A WISP plan is not an event, it is a process. A process too complex to be navigated alone. That is why Dolvin Consulting has teamed up with industry experts Cyber Security Auditors and Administrators (CSA2) to work with your team to design, plan, and implement a working WISP plan so that you can sleep at night. Contact us today. We are here to help!
No comments:
Post a Comment