MDNews - Cleveland-Akron-Canton

May/June 2018

Issue link: http://viewer.e-digitaledition.com/i/994625

LEGAL-EASE

Cybersecurity Risk Assessments

By Allison E. Cole, Esq.

In this, our third article on cybersecurity, we will discuss identifying and mitigating cybersecurity risks within your organization. In order to protect your organization from potential cybersecurity threats, you first need to understand where those risks may exist. A risk assessment is a process that will assist you in identifying, quantifying and mitigating cybersecurity risks. A risk assessment should be completed on a regular basis to ensure that your compliance program is in line with current business practices as well as ever-changing legal and regulatory requirements.

The first step in conducting a risk assessment may be to identify existing company data. Ask these questions throughout your organization: what is the data, location, access and business need.

The second step is to identify existing business practices in connection with collection, use and storage of data. If you have a privacy policy, ask whether your business practices are in compliance with what you promise in the policy. Identify what other company policies you may have in place that assist employees in properly dealing with company data. This step involves gathering written information as well as talking to functional areas such as marketing, human resources, finance, and information technology to fully understand how data is used throughout your organization.

The third step in a risk assessment is to analyze all of the information you have gathered and to identify any gaps in policies, technology, training, monitoring and auditing.

The final step in completion of a risk assessment will include a summary of findings with action plan prioritized by level of risk to make any necessary improvements to your cybersecurity compliance program. The action plan should include disaster recovery and contingency plans as well as a breach response playbook that governs incident response policies and procedures.

Next article: Data breaches and the importance of the data breach response playbook

NOTE: This general summary of the law should not be used to solve individual problems since slight changes in the fact situation may require a material variance in the applicable legal advice.

Allison Cole is an attorney with the law firm of Krugliak, Wilkins, Griffiths & Dougherty Co., LPA, in Canton, Ohio.
