Breaches to enterprise data and information are making news with troubling regularity these days. Businesses of all sizes need to be aware of their security status, plans for handling breaches if they occur, and how to mitigate the risk of exposure for the company if it happens. I talked to two experts on the subject, David Katz, partner with Nelson, Mullins, Riley, and Scarborough, and Brian Mikes, VP with Marsh USA, a highly-regarded insurance company that has expertise in cyber security.
David and Brian shared information on the importance of having a plan of action in place for businesses large and small, for the necessary steps to take in the case of an actual breach of an enterprise’s network or data. They emphasized how vital it is to have such a plan in place well in advance of problems occurring. Given the variations in legal requirements for how to handle information breaches when they occur it is essential that the enterprise secures the expertise of a legal consultant familiar with the various laws affecting such data breaches.
Brian explained some of the nuances of risk reduction and policies designed to protect the business in the event data breaches do occur. We also got into the steps to take if it is discovered that a company’s network or data has been compromised.
David and Brian discussed some of the typical areas of weakness they discover when engaging businesses to evaluate their cyber security plan, policies, and procedures. With the extent of the internet of things, devices connected to the internet via networks, and vendor portals, there are a host of points of entry for hackers and other bad guys looking to engage in nefarious activities by penetrating an enterprise’s network.
David Katz, Partner, Nelson, Riley, Scarborough, and Mullins
Brian Mikes, Vice President/Advisor, Marsh USA