A STRATEGIC APPROACH TO MANAGING CYBER SECURITY RISKS

Proactively and successfully managing cyber risks has consumed the focus of organisations globally. Protecting the infrastructure on which an organisation functions is paramount to maintaining the trust of consumers and stakeholders. Equally important is a company’s resiliency should a breach occur.

Organisations should weigh several security and compliance considerations when establishing a cyber security compliance framework, ensuring that industry standards are met, data and information are protected, and business operations are sustained. Key considerations are outlined below.

Maintain regulatory compliance. Depending upon the industry and geography, many laws establish compliance and security guidelines that protect sensitive and confidential data (which is a target for bad actors) and manage the risk associated with this data. For example, the General Data Protection Regulation (GDPR) requires that personal data be maintained and processed securely, leveraging organisational measures and technical safeguards that not only protect but also detect security events and minimise the impact such an event might have on an organisation’s data and operations.

Similarly, in the US, the Health Insurance Portability and Accountability Act (HIPAA) establishes privacy and security rules governing personal health information (PHI) that require healthcare providers and their business partners to establish specific physical, administrative and technical safeguards to protect electronic PHI against theft, breaches and unauthorised access by hackers.

Lastly, the Payment Card Industry Data Security Standards (PCI DSS) is a global security standard governing the storage, processing and transmission of credit cardholder data and related sensitive information, and establishes robust security obligations to enhance the protection of cardholder data. Each of these examples is anchored on data protection and implementing measures that safeguard sensitive data through various means, such as encryption, access controls and storage protocols.

Jan-Mar 2024 Issue

Patterson Companies, Inc.