More than four thousand ransomeware attacks have occurred every day since the beginning of 2016, and the risk of such attacks for your Institution continues to steeply rise. Despite the fact that a majority of United States organizations have experienced a cyber-attack either directly or through a vendor, regulators have not issued a set of cybersecurity minimum standards; therefore, U.S. businesses do not consistently address cyber threats.
This webinar will help you focus on what you can control to mitigate litigation and reputational risk, which is to have and maintain a commercially reasonable IT infrastructure that is suitable and appropriate for your Institution's risk profile. Discover how your organization can create a culture of cybersecurity continuity, which is achieved when a business's people, process, and technology are aligned with secure execution of the business strategy.
Defining and communicating your Cyber Risk Management Regime is central to your Institution's overall cybersecurity strategy, and all personnel must understand that they each have a role in protecting information, customers, assets, other employees, and your corporate mission. A 10-Step Checklist will be used throughout the session to help you learn how to design, implement, and monitor an efficient Cybersecurity Program.
When designing, implementing, and monitoring your Cybersecurity Policy, your Institution must be mindful of obligations under federal and state laws. We will therefore review proposed and enacted regulatory scrutiny at both levels of government, and all attendees will receive a 9-part complimentary Toolkit to help your Institution comply with these laws.
Key Learning Objectives
- Creating a Cybersecurity Culture. Discover how your Institution can continue your mission with only minor interruption despite (almost) constant cyber attempts to disrupt it.
- Cyber Risk and Threats. Define and provide examples of current types of Cyber Incidents, such as DDos or DoS attack; viruses; spyware; malware & Trojans; phising scams; ransomware; worms; doxing; and, baiting. Analyze 2016 and 2017 Statistics to understand the broad scope of cyber threats, and how the risk of such attacks for your Institution is steeply rising.
- Federal Regulations. Review federal rules and guidance governing cybersecurity culture and how this scrunity affects your Institution. Our complimentary 9-part Toolkit will help you comply with federal regulations.
- Other Regulatory Bodies. Discuss how state and other regulators are addressing cybersecurity within their governance. For example, did you know that (at least) 47 States have regulations requiring private, government, or educational entities to notify individuals of security breaches of information involving personally identifiable information (PII)? Our complimentary 9-part Toolkit will help you comply with state laws and other regulatory rules.
- Industry Best Practices. Examine industry best practices to determine how they can support your Institution's development of effective cybersecurity governance.
- Cybersecurity Policy Creation. Explore how your Institution can design, implement, and monitor an efficient Cybersecurity Program. Use our 10-Step Cybersecurity Checklist to define and communicate your Risk Management Regime to your personnel.
- Prioritize Cyber Risk. Risks to Your Institution's information and systems must be assessed with the same vigor as legal, regulatory, financial, and operation risks. Embed a Risk Management Regime across your Institution, supported by the Board and Executive Management.
- Existing Controls. Assess and document the controls and processes currently in place. Make note of the nature, sensitivity, and location of information your organization collects and/or stores, as well as existing databases, applications, and other assets.
- Written Cybersecurity Policy. Produce written security policies related to Network Protection, Malware Prevention, Secure Configuration of Systems, and Removable Media Controls. Establish relevant policies to comply with applicable laws and regulations.
- Incident Management. Create and test your written response and disaster recovery plans. Develop procedures for responding to actual or suspected cyber incidents (include a provision related to regulatory reporting).
- Vendor Management. Conduct an assessment of cybersecurity measures employed by third-party providers. Determine whether vendor contracts address information and technology issues related to cybersecurity threats. If unauthorized access to sensitive information is of concern, your organization should consider purchasing cybersecurity insurance.
- Program Implementation & Monitoring. Continuously monitor all systems and networks. Analyse logs for unusual activity that could indicate an attack.
- Personnel Training. Effective implementation of your Cybersecurity strategy requires officer and employee training. Discuss identified cybersecurity threats, as well as preventative measures, and how to activate the response plan once an incident is detected. Routinely review the Cybersecurity Policy to ensure compliance.
- User Education & Awareness. Your organization should educate clients about measures they can take to reduce their accounts' exposure to cybersecurity risks.
- Periodic Audit & Assessments. To prioritize existing cybersecurity vulnerabilities and mitigate internal and external cybersecurity threats, assess the impact a cybersecurity incident would have on your organization and review the effectiveness of your risk management structure.
- Program Maintenance. Your organization should continuously assess cybersecurity risks, and monitor and test your security controls to ensure your Cybersecurity Policy is tailored to the nature and scope of risks to your organization.
Who Should Attend?
Senior Leadership and Management, CTOs, CIOs, CFOs, CEOs, IT Officers and Staff, Risk Management Officers and Staff, Compliance Officers and Staff, Personnel Responsible for Third-Party Providers, Business Continuity Officers and Staff, and Human Resources Officers and Staff.