October is National Cybersecurity Awareness Month! There’s no better time than now to ensure your company is prepared to tackle the ever-present risks associated with cybersecurity vulnerabilities.
This is CGL’s basic checklist for cybersecurity planning for maturing and mature companies. For information about cybersecurity and privacy for startups and early-stage companies, read our blog on the topic.
Cybersecurity Action Planning Checklist
We strongly recommend all companies have a robust and comprehensive plan for minimizing or preventing cyber risk and another for mitigating your losses and liability following a breach. Here’s what that looks like:
□ Assign responsibility for understanding and managing cybersecurity risk, including all relevant cyber incident reporting obligations, to (at least) one senior leader.
□ Audit all data flows in your company and supply chain to identify internal and external cyber vulnerabilities.
□ Contemplate whether cyber insurance is right for your business.
□ Create template policies for third-party vendors, including requirements for your vendors to obtain and hold cybersecurity insurance. Sometimes, these requirements can be detailed within your commercial agreements with vendors.
□ Embed a culture of good cyber hygiene in your workplace.
□ Practice cybersecurity safety across your workplace devices, including safe meeting protocols (read more in this Zoom blog post).
□ Prepare (and routinely stress test) a thorough, step-by-step incident response plan for use in the event of a cyber breach. This should include template notifications that may be delivered to relevant stakeholders following a cyber event. (Read more about this in our blog post.)
□ Monitor relevant cybersecurity events. Here are two helpful resources: FBI Cyber Crime Page and The Cybersecurity & Infrastructure Security Agency.
□ Calendarize routine stress tests, audits, assessments, and reviews for your cybersecurity policies and infrastructure. Cybersecurity risk is a moving target; sitting on stagnant policies is not sufficient.
If you need assistance managing cybersecurity risk in your organization, don’t hesitate to reach out. We’re here to help!