Business owners and CEOs of midsize and small companies began to pay attention to cybersecurity threats after the infamous Target data breach. While the headlines talked about Target being hacked, astute observers recognized that the hacking did not go directly through Target – it went through a third-party vendor. That vendor was an HVAC company. Target had strong security, but apparently not all of its third-party vendors did, which allowed hackers to tunnel into Target’s corporate computers using access available to third parties who had lower security.
As a business owner or CEO, you can ensure your team addresses each of the important areas to avoid a catastrophic loss of your company through a cybersecurity attack leveled at you or at one of the third-party companies you partner with. Increasingly, large companies are requesting, as part of the request for bid process, documentation about how your company is avoiding cybersecurity problems through reliable IT measures.
In a large organization, IT directors and CIOs generally do not have the current knowledge to comply with the technological and legal requirements of doing business with large companies like Target. Usually, they hire outside help. This help typically comes in the form of a high-level IT consultant, not an attorney or an outsourced IT company. The issues are too complex for attorneys, and the strategy development is too complex for most outsourced IT companies. This has created a niche of high-level consultants who create IT strategies for companies to comply with federal regulations that govern clients of the company. Companies that can demonstrate legal compliance and solid defenses against cyber threats stand a better chance in the request for proposal process.
As you prepare an IT strategy, the following is an issue-spotting checklist to help you avoid cybersecurity risks by addressing the core areas of your IT systems.
- Software applications: front office, middle office, back office, release management, and change management
- Infrastructure: online storage, local storage, online computers, local computers, network servers, routers and switches, client devices, telephony (telephone computers)
- Data: archives, preservation holds, asset management, BI & reporting, integration, client information
- System architecture: environment, SER, company data, software architecture, infrastructure architecture, platforms
- IT security: network, data, physical, devices, policies
- Legal: governance & controls, compliance & reporting, acquisition & retention, project management
- Risk: liability, business continuity, insurance, risk to valuation
- Services: financials, strategy, service catalog, service level management, quality of service and continuity