Let’s face it. There’s no such thing as perfect security. Data leaks, data breaches and privacy violations will happen. Despite this, many organizations don’t know where they are most vulnerable; who has access to their data; or whether their network security measures meet legal standards for prudent and reasonable safeguards.
In our last blog of VMLIP’s Cyber Awareness Month, we urge you to consider conducting an enterprise-wide cyber risk assessment.
Don’t wait until you’ve experienced a breach to deal with these issues. Address them now, before the bad event happens. Be prepared.
An cyber risk assessment is the single best way to improve your organization’s cyber security posture. A cyber risk assessment will identify and document any glaring security omissions or oversights, review privacy and compliance practices, and might also include activities such as penetration testing, using industry accepted standards as a benchmark.
That’s critically important, because if you don’t know what’s missing or broken in your security posture, you can’t fix it. In addition, when that inevitable data breach occurs, you may find yourself faced with a class action lawsuit.
When dealing with a plaintiff lawyer, judge and jury, a documented cyber risk assessment demonstrates that you took due care protecting your citizens’ sensitive information and that you had baseline security in place at the time of the breach. That increases the odds that the court will rule in your favor and reduces the likelihood of a huge settlement.
These assessments will provide you with a scorecard benchmarking your security practices against other public entities (municipalities, counties, etc.). If you have not registered for the VMLIP eRiskHub we recommend you do so today. Registering is free to all VML pool members.
To access the VML eRiskHub now:
- Navigate to http://eriskhub.com/vml.php
- Complete the new user registration at the bottom of the page. You pick your own user ID and password. The access code is 13522-3
- After registering, you can access the hub immediately using your newly created credentials in the member login box located in the top right of the page.
After you’ve self-assessed your security, consider engaging an independent third party to conduct a more thorough assessment on your behalf. When you self-assess, there’s always the risk that you will see the security you expect to see – not the security that actually exists.
On the other hand, an independent third-party assessor has no such expectations. They will evaluate what’s there – literally. Their findings will provide give you with a 360 degree view of your people, processes and technology, so you can:
- Reaffirm that reasonable practices are in place
- Harden and improve your security
- Bolster your defense posture in the event of class action lawsuits
If you haven’t already done so, sign up for the VMLIP eRiskHub today!
VMLIP offers more than just coverage. We are partners in risk management. How does your insurer stack up? Having all lines of coverage with VMLIP ensures that your organization is receiving comprehensive coverage and a wide variety of value-added services tailored to Virginia’s local governmental entities. Call for a quote today: (800) 963-6800. For more information on VMLIP visit: www.vmlins.org or follow us on Facebook.
** VMLIP blog postings are offered for VMLIP members to utilize in strengthening their risk management efforts. See copyright information for clarification on sharing this information.