The cyber lifecycle – Security

Cyber and privacy is an area that is constantly changing.
Technology evolves, threats become more sophisticated, and
regulation is always developing. While that can make the area
daunting to deal with, it doesn't have to lead to paralysis.
As with any dynamic area of regulation, having a structured
strategy is key. At AB we like to break this area down into three
stages: Preparation, Incident Response, and Maintenance.

Preparation and Prevention

Much as with your health, when it comes to your cyber security
and management of personal data, prevention is always preferable to
treatment.

There are a host of actions that companies can take before they
ever have a problem. Every company has a cyber infrastructure
(whether it knows it or not), and small changes can make a big
difference. These can range from standard reviews of your policies,
cyber security controls and data arrangements, through to
comprehensive Privacy Impact Assessments and incident response
plans.

For a comprehensive approach, consider arranging a Cyber Health Check, or just reach out for a
chat.

Incident Response

Cyber incidents can take many forms, ranging from the
sensational to the mundane, but they tend to have one feature in
common: when they happen, time is of the essence.

Cyber attacks are becoming more prevalent, but from a
regulatory perspective a privacy breach can be just as
problematic. A ransomware attack is clearly costly (and often
preventable), yet an accidental privacy breach can expose weaknesses
in systems and processes, and those weaknesses are often of more
interest to a regulator.

Whatever the incident, outcomes will always be better if
there is an established incident response plan already in place.
With or without one, the initial steps for any incident will be
broadly similar:

  1. Establish initial containment;

  2. Determine the source and extent of the breach;

  3. Ensure the affected systems are secure;

  4. Determine if, and what, data was affected;

  5. Consider whether the breach has regulatory implications;

  6. Prepare communications to clients;

  7. Prepare communications to regulators;

  8. Remediate.

Two skill sets are essential to managing incidents
effectively, forensic and regulatory, and at AB we have
both.

The overarching message is this: cyber incidents must be
responded to quickly and by multi-disciplinary teams with
experience in managing cyber incidents.

Maintenance and regulatory management

In an area where change is constant, keeping your cyber
infrastructure up to date is an ongoing challenge. Technology
continues to evolve quickly, the regulatory environment
is in a constant state of flux, and the market demands increasingly
digitised products, services, and business practices.

From a business perspective, this means a constant stream of
regulatory queries, client enquiries, and change projects: the
'day to day' of cyber and privacy.

This can be managed through a dedicated internal resource, and
in fact many larger firms appoint a Privacy Officer or a
compliance staff member to manage these issues.

For those firms where that’s not efficient, an external
solution like our Outsourced Data Privacy Officer can be
effective.

Wherever you are on your cyber journey, feel free to reach
out and we can move forward together.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.