What can you do?
- Risk assessment – Identify the security risks to information held by the organisation and the consequences of a breach of security
- Policy development – Develop a policy or range of policies that implement measures, practices and procedures to reduce the identified risks to information security
- Staff training – Train staff and managers in security and fraud awareness, practices and procedures, and codes of conduct.
- Technology – Implement technologies to secure information held by the firm, including through such measures as access control, copy protection, intrusion detection, and robust encryption.
- Monitoring and review – Monitor compliance with the security policy, periodically reassess new security risks and the adequacy of existing security measures, and ensure that effective complaint handling procedures are in place.
- Appropriate contract management – Conduct appropriate due diligence where services (especially data storage services) are contracted, particularly in terms of the IT security policies and practices that the service provider has in place, and then monitor the provider's compliance with these policies through periodic audits.
Top tips and takeaways
- Cyber breach events are increasing and pose substantial risk to both public and private sectors.
- Given the stance regulators and government are taking on cyber risk, organisations which ignore cyber risk do so at their own peril.
- Understand the new data breach notification laws and what they require of your organisation.
- Review and update policies regularly.
- Build awareness to reinforce compliance over time.
- Allocate responsibility for privacy and data security at Board level.
- Review insurance policies and assess coverage for data breaches; consider whether cyber insurance is required.
- Train staff.