CyberRisk Mgt Blog Column

  • David Reedy, Managing Member
    CyberRisk Management, LLC

  • 7 Signs that your Security Risk Management may be inadequate!

    Cyber threats and the need for enhanced security management is a recurring theme in today’s news headlines. In previous decades, security in most organizations was primarily a technical discussion relating to firewalls and anti-virus controls. However in the last ten years, security has evolved into much more of a risk management issue.

    Read More

    Posted in CyberSecurity | Leave a comment

    Who is subject to GLBA Compliance?

    Who is subject to GLBA Compliance?

    Many are under the perception that the Gramm-Leach Bliley Act (GLBA) affects only banks. However there are many other organizations involved in providing financial activities that are also subject to these regulations; thereby impacting their security posture.

    Read More

    Posted in CyberSecurity | Leave a comment

    Ransomware: To Pay or Not to Pay?

    Ransomware dominates the headlines in IT security publications due to the continued success cybercriminals are enjoying with it. Ransomware is probably the bluntest sort of malicious software you, or your organization, are likely to experience.

    How much Ransomware risk can you tolerate?

    Read More

    Posted in CyberSecurity | Leave a comment

    Business CEOs Are Asking the Wrong Question About Cybersecurity Threats

    Ask an executive at most small businesses about cybersecurity, and the rest of the conversation is predictable. The first question they’ll ask is, “Should we worry about being a target?” The answer is a resounding YES—but it’s really not the question business leaders need to be asking.

    The more appropriate question is,“What is our risk?”

    Read More

    Posted in CyberSecurity | Leave a comment

    Community Banks Fall Short on Event Log Monitoring

    Which security protocol have most community banks failed to implement, despite several years of FDIC recommendations in audit reports? Event Log Monitoring!

    Event log monitoring is an important security management practice, but adherence to this practice is largely unmet by many local and regional banks. Many FDIC auditors recommendations include a daily review of all security events and retention of event logs for 12 months with reporting capabilities, in case needed for forensic review at a later date.

    Read More

    Posted in CyberSecurity | Leave a comment

    Achieving data security requires a comprehensive, more holistic approach

    Protecting confidential data is a difficult task, and one that shouldn’t be taken lightly. The consequences for security failures can range from lost competitive advantage, due to the exposure of intellectual property, to reputational damage, due to the loss of clients’ sensitive information, to ultimately fines and/or severe legal judgments.

    Read More

    Posted in CyberSecurity | Leave a comment