
Is Your Organization Trustworthy? 5 Essential Cybersecurity Promises to Keep

Given the increasing dangers posed by data breaches, identity theft, and other cyber threats, read this post for the five promises your organization should be able to make—and keep—to earn the trust of employees, customers, shareholders, and others.


Is Donald Trump trustworthy? Is Hillary Clinton? National polls are asking those questions because the answers could decide who will become the next president of the United States.

Like political candidates, organizations need to be deemed trustworthy to win the backing of the people they serve. A trustworthy organization—whether a business, hospital, or government agency—is more likely to earn customer loyalty, attract investors, and win public support.

Given the increasing dangers posed by data breaches, identity theft, and other cyber threats, one of the best ways for an organization to earn trust is to show that it is doing everything possible to protect the private, sensitive, and confidential data entrusted to it. With that in mind, the following are five promises your organization should be able to make—and keep—to earn the trust of employees, customers, shareholders, and others.


Promise #1: “We are constantly reviewing and updating IT protections and solutions.”

This first promise focuses on IT security. Note that it is not a static promise that your organization reviewed industry-leading protections one time and then implemented them. To earn trust, you need to constantly review and adjust your IT security measures to ensure that they remain among the best in your industry.

Promise #2: “We thoroughly evaluate incidents and act quickly if we identify a potential breach.”

Do you conduct a thorough risk-of-harm analysis to assess whether each incident rises to the level of a data breach? To be done right (and avoid government scrutiny), incident analyses require expertise and experience—not judgment calls. When there is a data breach, make sure you have an incident response plan in place so you’re ready to respond quickly and begin the process of winning back lost trust.

Promise #3: “We have a trusted breach response partner in place.”

A key piece of your incident response plan should be teaming with a breach response partner with the experience necessary to guide you successfully through the complexities of a timely response that complies with all state and federal laws.

Many organizations now have cyber insurance policies, but insurance carriers don’t drive breach responses, and if your policy includes a list of potential response partners, you may not enjoy working with any of them. The better approach is to choose your breach response partner first and then find an insurance carrier that will put that partner into your policy.

Promise #4: “We have robust employee training programs in place.”

Most data breaches can be traced back to human error, which is an especially sobering thought for organizations with hundreds or even thousands of employees and contractors.

Fortunately, employee training on social media use, document retention practices, bring-your-own-device policies, and more can make a big difference. In fact, employee training can reduce the risk of a cyber attack by up to 70 percent, according to a 2015 study by Wombat Security Technologies and the Aberdeen Group.

Promise #5: “We routinely have third parties review our IT systems, policies, and procedures, and test them for compliance and current best practices.”

If and when a breach occurs, you should be able to tell affected individuals that—from IT security measures to device access policies—your organization followed best practices, repeatedly tested what was implemented, and made updates as necessary. Hiring a third party to perform regular audits allows internal staff to focus on their work and reassures regulators and auditors that your organization did everything possible to prevent a breach.

Can you make all five of those promises right now? If the answer is no or you’re not sure—or if you are confident in a few areas but not others—it’s time to reassess your cybersecurity measures and earn the trust of those who are worried about their data and identity security. When a data breach occurs, you can then step up with confidence and say that your organization took every precaution, followed best practices to prevent the attack, and is responding quickly—all of which will go a long way toward making your organization trustworthy in the eyes of customers and constituents.


About IDX

We're your proven partner in digital privacy protection with our evolving suite of privacy and identity products.