As we ring in the new year, many individuals are evaluating what habits and activities they can let go of. Unfortunately, one activity is here to stay: cybercrime. Experts estimate about 200,000 cyberattacks occur every week.[1] Consider the following New Year's cyber resolutions to help start the year off right.
1. Assess & Implement Your Organization’s Third-Party Risk Management (TPRM)
Doing business with third parties, e.g., vendors, suppliers, or service providers, can result in operational failures, data breaches, and more. In fact, cybersecurity professionals have seen an increase in third-party security incidents over the last few years. Implementing a program to assess your third parties is crucial to help reduce these risks.
If you don’t already have a TPRM program in place, you’ll want to develop and implement a program that includes policies, methodologies, an organizational structure, and a technology platform that enables your activities. After implementing or right-sizing your TPRM program to fit your business needs, the next step is creating consistency. This includes operationalizing the TPRM life cycle: governance, inventory, due diligence, contracting, ongoing monitoring, offboarding, and reporting.
For early-stage TPRM programs, it’s easy to implement a risk assessment and then forget about it. That’s why it’s important to mature your TPRM program to the point that the TPRM life cycle is part of your corporate and cyber risk culture and business-as-usual operations.
2. Create & Review Your Incident Response Plan
A ransomware attack occurs every 11 seconds.[2] More than likely, your organization will be targeted at some point, so creating an incident response plan can significantly reduce the downtime and costs an incident may cause. This plan can help you respond quickly and stop the malware from spreading further across the network.
Test this plan to make sure all the unknowns are worked out before you find yourself in a response situation. Once an attack happens, report any findings and analyze how the ransomware variant entered the network in the first place. Be sure to update your response plan as needed to help you keep up with evolving attacks.
3. Be Aware of Consumer Privacy Concerns
Many businesses collect, track, and store consumer data as part of providing valuable services to clients and customers. As consumers become more attuned to how their personal information is handled, and privacy laws offer consumers more transparency and rights surrounding their information, organizations need to be thoughtful in establishing a data protection program. Understanding the nature of consumer and personally identifiable information your organization has is a critical first step in addressing compliance with emerging state privacy and protection regulations.
As an organization, you can do the following to help begin addressing consumer privacy requirements:
- Be transparent about the data you’re collecting
- Limit the categories of data you handle to only those absolutely necessary
- Understand your data privacy compliance obligations
- Perform a data privacy compliance assessment to evaluate current compliance status with applicable regulations
- Educate your employees on the appropriate handling of sensitive information
Cyber risk will continue to be a key focus heading into 2023. Don’t delay in enhancing your cybersecurity and data privacy program.
If you have any questions or need assistance, please reach out to a professional at Forvis Mazars.