Janelle Drolet, vice president of operations and sales for Towerwall cybersecurity consulting firm in Framingham, offers some advice regarding compliance risk.
Get Instant Access to This Article
Subscribe to Worcester Business Journal and get immediate access to all of our subscriber-only content and much more.
- Critical Central Massachusetts business news updated daily.
- Immediate access to all subscriber-only content on our website.
- Bi-weekly print or digital editions of our award-winning publication.
- Special bonus issues like the WBJ Book of Lists.
- Exclusive ticket prize draws for our in-person events.
Click here to purchase a paywall bypass link for this article.
Â
10) No place to hide: The regulations, laws, and frameworks an organization needs to comply with will depend on its industry, location, and the type of data it processes. IBM cites the average cost of a data breach at $4.45 million.
9. Definition: A compliance risk assessment is a full review of all the requirements, control frameworks, and regulations for an industry from a cybersecurity standpoint.
8. A scheduled process: Companies should strive to make compliance risk assessments a regular process, to identify unforeseen gaps.
7. Regulatory risk: Broader than a compliance risk assessment, a regulatory and compliance risk plan includes building remediation plans and monitoring and mitigating risks.
6. Know your gaps: Evaluate your security controls and processes. Take time to discover any potential gaps. Come to an agreement on your company’s risk tolerance. Because no two cybersecurity risks are equal, it’s important to evaluate its likelihood, its potential impact, what programs are in place and tools are being used to monitor, mitigate, or block it.
5. Have a remediation plan: Organizations need to have a playbook ready to mitigate any potential data compromise. Define remediation steps, assign roles and responsibilities, lay out timelines, costs, and resource needs. Test, test, and re-test.
4. Remediation strategies: Consider building a cybersecurity strategy for your organization including the 4 P’s: people, process, partners, and products. Train employees in security awareness. Offer phishing simulation exercises.
3. Review and iterate: Test your plan to measure its effectiveness. Update the plan based on the risk assessment, remediation, and any changes in regulations, business operations, or risk tolerance.
2. Seek expertise: To avoid mismanagement, document your security program and processes thoroughly. Remain objective, which is difficult when it’s your own company. Many companies opt to involve security experts and automation tools.
1. Foster a compliance culture: Investing in employee training, creating clear policies, and promoting good compliance behavior among employees will help improve overall security.
