Note: Running Fridays on FromGregsHead.com is a continuing series of tips brought to you by Greg Price. These run Saturday mornings during the BusinessMaker’s Radio Show on KPRC 950AM. Audio files can be found on the PKF Texas – Entrepreneur’s Playbook® page of the PKF Texas website.
Spyware, trojans, malware, botnets, social engineering, and other crimeware are working to get into your systems and steal your critical data and banking credentials. Are you protected from this onslaught of attacks? Despite how prevalent cybercrime attacks are in today’s business environment, a 2008 Deloitte study found that 65% of US companies do not have a documented process to assess their cybercrime risk. The same study found that 95% of CFOs are not involved in the management of information security risks, despite the importance of financial data and the potential financial impact of a security breach.
The Internet Security Alliance and the American National Standards Institute recently published a framework to assist businesses with developing a comprehensive plan to deal with the financial management of cybercrime. The framework provides structure for the involvement of the entire organization in protecting and defending its assets. The report focuses on the following process areas:
• Human Resources
• Legal and Compliance
• Operations and Technology
• External Communications and Crisis Management
• Risk Transfer and Insurance
Companies should be particularly mindful of their electronic business assets, including intellectual property, customer records, bank accounts, and proprietary data.
Completing a detailed information technology risk assessment should give a company the knowledge it needs to begin planning its mitigation strategy to combat cybercrime. Remember, the criminals are working equally hard to stay ahead of your processes and gain access to your assets. If they win, you lose... and maybe you lose your company.