Are You Required to be Cyber Compliant?

The interconnected digital world has been called the wild, wild West. Hackers are eagerly looking to exploit the weakest line of code in mobile devices, applications and operating systems, and those are just a few of the technologies at risk in today's environment.

The U.S. Department of Justice (DOJ) has published a best-practices document on cyber incident response. It indicates that any organization connected to the Web should evaluate its cybersecurity readiness across three phases: preparing before an intrusion, responding during one, and recovering afterward.

What does proper preparation entail?

  • Adopting internal risk management policies and procedures;
  • Procuring the necessary hardware and software technology;
  • Engaging experts to evaluate, test, support and monitor the condition of the environment; and
  • Developing and testing a rapid response plan to address an intrusion.

In the world of cybersecurity, a prepared and tested incident response plan can operate as an excellent defensive weapon.

The first step in your internal risk assessment should be to identify what the DOJ refers to as the "crown jewels": the assets whose compromise would do the most damage, such as the systems needed to sustain operations and the intellectual property and personally identifiable information the organization stores or processes.

The assumption conveyed within the DOJ document is that businesses will proactively address the risk of a cyber-intrusion. Organizations that fail to take reasonable steps to prepare for a breach, respond to it, and document their recovery and post-breach monitoring may be unable to show they met their legal standard of care, exposing them to data privacy litigation.

The DOJ's best practices for cyber incident response are further evidence that organizations that neglect the safety of their information are likely exposed to significant liability for failing to meet a basic standard of cybersecurity care. The guidance is valuable and should be taken seriously by any business.

Want to learn more about cybersecurity fundamentals? The AICPA’s Cybersecurity Webcast Series with Ridge Global provides an analysis of today’s cybersecurity threats, the techniques used to protect against threats, techniques for detecting when attacks happen, and effective response strategies. The first webcast broadcasts May 12 at 2:00 P.M. In addition, you can find more cybersecurity news and information on the AICPA’s Cybersecurity Resources Center.

Susan Pierce, CPA, CITP, CGMA, Associate Director – IMTA, American Institute of CPAs. Susan drives the strategic mission of providing value to the IMTA professional, the CITP credential holder and the technology engaged CPA.

Bruce Sussman, CPA, CISA, CIPT, CISSP, is PCI Global Executive for AIG in New York. He is co-chair of the AICPA’s Information Management and Technology Assurance Section’s Cybersecurity Task Force.




Source: AICPA