In order to best determine your business’ ability to function in the face of a security incident, ask yourself the following question: If you or your staff were to lose laptops & mobile phones or servers tomorrow, would your business be able to operate? Usually the answer is “No” or “I don’t no.” Cyber attacks such as ransomware can have the same effect as companywide lost or stolen devices. Unless your business operates exclusively in a managed private cloud, secured scenario, chances are there are very important contacts, vendors, proposals and data that would cause some or all of your business operations to come to a complete standstill until the situation is remediated.

Another question you might ask is if your company, client or financial data were to be stolen and exposed on the dark web, what kind of impact can that make on your overall business. Data can be leaked, lost or altered rendering a myriad of consequences to the unprepared. A staggering amount of businesses that were subject to a backup failure or data loss as a result of a hacking incident go out of business within 9 months of the initial breach.

Businesses are governed by one or more regulatory requirements intended to preserve and safeguard data. HIPAA & HITECH cover health information technology privacy and security protections for patient records. SOX, GLBA and PCI-DSS all govern various financial and public sector financial and securities practices. CMMC, ITAR, DFARS relate to department of defense and controlled unclassified information (CUI) All businesses, however are required to protect personally identifiable information and fall into one or more requirement categories of confidentiality, integrity and availability of that data, protecting it from loss, alteration, leak or abuse. Ask yourself what regulatory fines would you face in the event of a breach?

How would a data breach affect your relationship with existing clients? How would a publicized incident affect your reputation?

We also review our Client’s E&O Insurance which typically reads there must be a security plan in place including well known basic security and backup systems in place regularly inspected.