Five Ways to Reduce Cyber-Risk

More and more pressure is being put on the Securities and Exchange Commission (SEC) to develop better guidance for corporations on the disclosure of current breaches and of their chance of future cyber-risk. While the current definition of cyber-risk is a subjective one, the day will come when the SEC defines these terms in better detail. To prepare, companies should get ready for such disclosure now.

To better answer the SEC and investors about their level of risk, companies can take the following recommended actions, which can help them manage the risk associated with reliance on a global computer network.

1. Companies need to develop a complete view of their IT landscape. This includes information regarding their capabilities in cloud computing, mobility, and virtualization. This requires an all-or-nothing approach, since any risk that remains unnoticed in one of these areas threatens the security of all the others.

2. Automation of enterprise security and compliance is a must, as manually created spreadsheets scream a lack of institutional control. The automation should generate the required information and map any discovered IT risks, all in compliance with regulatory control requirements.

3. Organizing how a company approaches risk provides another way to cut the cost of implementing a security plan while still coming into compliance. Start with the most obvious risk whose remediation can reduce the largest amount of overall risk, and work from there. This allows risk managers to appoint the appropriate teams to work toward relieving the company of that risk.

4. Make sure those who have access to areas in a computer network actually need that access. Reducing access to privileged areas to only those who require it can greatly elevate the overall security of a network. The fewer people who have access to vital areas, the smaller the chance of security being compromised.

5. One area that needs stressing is getting employees on board with the company's overall security efforts. The end user is often the most vulnerable point of the security process. Making sure employees understand the risks involved and what is at stake can help them feel a part of the overall security scheme, making it less likely that they unwittingly give access to company resources.

For more information about reducing cyber-risk, visit: http://www.forbes.com/sites/ciocentral/2013/05/15/how-to-prepare-for-when-the-sec-comes-asking-about-cybersecurity-risk/