Thursday, 31 January 2013 19:30

How to strengthen your weakest security link

If you are a C-level business executive, have you ever stopped and given serious thought to how much confidential data is in your email?

If you are like most executives, you have full financial statements in Excel attachments. You’ve got emails surrounding confidential business deals, acquisitions and the like. And you’ve got information in there that would be of great value to a competitor, like client lists or top deals that have closed.

Now stop and think again — where is this data all stored? For 99 percent of us, it exists on our mobile phone, says Zack Schuler, founder and CEO of Cal Net Technology Group.

“It’s on that device that we leave laying around just about anywhere: on our desk, on a table at a restaurant, in our gym bag, in our golf cart, in our car, in our hotel room, by the pool — just about anywhere,” Schuler says.

Smart Business spoke with Schuler about the need to protect company data contained on cellular phones.

What should companies do to protect data on cell phones?

Companies spend thousands of dollars protecting servers with firewalls, locked doors, complex passwords, etc., but how much money or time do they spend protecting the data on cell phones? Probably almost none.

One could even make the argument that if a cell phone was compromised or stolen, a thief would have a much easier job getting to the data that he’s looking for, because it’s all organized nicely in folders. A folder might even be labeled ‘private,’ ‘confidential’ or ‘financial information.’ You get the picture.

So what’s the solution? You need to treat the mobile devices that access your network just like you treat the rest of your network. You need to manage them and manage the security around them. This is why the term ‘mobile device management’ (MDM) has recently come into the spotlight.

What is mobile device management?

It is a centralized system that manages all of the mobile devices that connect to your network. It is a piece of software that is downloaded to a mobile device and then communicates back to the corporate network, letting you do all kinds of nifty security things. First and foremost, it can force any user connecting to your email server to use a password. Sure, you can set a companywide policy that they need to have a password, but lazy people will turn it off. With mobile device management, they can’t turn it off.

How secure is that four-digit pass code anyhow? If I were someone who knew you and wanted to get into your phone, I’d try your birthday, your year of birth, your address, the last four digits of your Social Security number, the year you got married, the last four digits of your phone number, etc. I’d probably have a pretty good chance of being right. With the right MDM solution, you can actually have the software wipe your phone after X number of incorrect password attempts. How cool is that? You also can do things such as limit access to app stores, set Web browser security preferences, restrict use of the camera and more.

What happens if a phone is lost?

You call your IT department or support provider and they wipe your phone, which can be done even without MDM. But what’s even better is that you can go to the Verizon store, get a new phone, and your IT department/provider can send you a text containing a link to download your MDM app. You download the app, and they can provision your email and the rest of your phone — think remote desktop support for your phone.

Regardless of whether your employees have their own devices or if they are company issued, if they connect to your network, they must be secured.

Zack Schuler is founder and CEO of Cal Net Technology Group. Reach him at ZSchuler@CalNetTech.com.

Insights Technology is brought to you by Cal Net Technology Group

Published in Los Angeles

Data, stored digitally, has become critical to a business’s ability to function. However, major catastrophes — from fires to earthquakes to floods — can cripple hardware and put terabytes of a company’s data at risk, making it vital to have a business continuity plan in place to protect digital information.

“A business continuity plan is insurance for your data,” says Pervez Delawalla, president and CEO of Net2EZ. “It ensures that your business can sustain a disaster that affects your ability to access data at your main site.”

Smart Business spoke with Delawalla about data security and the role it plays in a business continuity plan.

What is a business continuity plan and how can it impact a business?

From a technology perspective, a business continuity plan is your strategy for resuming business following a natural or man-made disaster in as short a period of time as possible. Your plan should be based on the type of data you create on a daily basis, how it is being maintained and the amount of time your business can operate without being able to access it.

Business plans differ from company to company. But generally, if you can’t sustain being without access to particular data for more than a few minutes, that data is critical, and that plan will look different than plans that pertain to data you can live without for hours or days.

Business continuity can save a business even when there is no disaster. Accidental removal or deletion of certain data sets can be very damaging to a business. However, if you have a business continuity plan and regularly back up your data, you will have less reason to worry.

What are the elements of a business continuity plan?

First, determine how you will back up your data. Critical information should be backed up every hour. Less critical data can be backed up more infrequently.

Make sure data is being backed up and secured off-site so that, if you can’t get to your office, the data is available to you. Your backup site should be outside of your primary location.

Second, you need a plan to restore your data when things come back online. Test your off-site server to understand how much lag time there is until data can be restored and employees can start using it.

Third, outsource your primary server farm or infrastructure to an outsourced data center. Outsourcing your server to a data center means it is housed in a facility with multiple levels of redundancy designed to sustain power outages and has multiple, high-speed connections coming from diverse entrances so data can be accessed even if the fibers are cut in the street. You can use facilities such as these as your secondary server, no matter where your business is located. Then, if something happens, you will have access to your data.

When should a business continuity plan be implemented?

The minute you have critical data, you need a plan to back it up. However, with the economic downturn, many companies cut the aspects of their business continuity plan that dealt with data protection because it doesn’t get used until a disaster hits, and it is an easy area to squeeze the budget. Businesses are saying they have a limited budget and they have to continue to operate, so they will just deal with it when it happens. But by then, it is too late.

How does geographical diversity play into business continuity?

Consider what a disaster can mean to your operations and what your business can sustain in terms of cost. The farther your backup servers are from your primary site, the more it costs to transfer information from one place to another. Smaller companies could likely use a public connection to transfer data without incurring too much cost.

The farther away you keep your data, the more redundancy you can create with a solid plan. However, the more redundancy you create, the more costs increase. It is less expensive if you keep your data closer to your primary location, but it also increases your risk, for example, in the event of an earthquake or hurricane. But, ultimately, the question you should ask is, ‘How long can I afford to go without access to my data?’

Pervez Delawalla is president and CEO of Net2EZ. Reach him at (310) 426-6700 or pervez@net2ez.com.

Insights Technology is brought to you by Net2EZ

Published in Los Angeles

Today’s businesses are facing new kinds of threats, not physical ones but those that attack through the Web.

Hackers have focused on the private sector, using technology to commit espionage against companies of all sizes, gaining access to secrets from U.S. businesses to leverage a competitive advantage.

“This has created a very real cyber war zone. It’s no longer just a hacker nuisance,” says Pervez Delawalla, president and CEO of Net2EZ.

Smart Business spoke with Delawalla about the tools that companies can use to combat the very serious threat of a cyber breach.

What types of threats do businesses face?

Companies face a range of threats. For example, business identity theft can lead to a breach where credits can be issued or obtained under a business’s unique identity. Or a company’s trade secrets could be compromised through leaks in its cyber security.

If a hacker wants to get information about a company, the first thing he or she will do is look for personal information about its CEO, which could be available on networking and social media websites, and also by gaining access to the CEO’s personal computers. These multilevel and multithreaded attacks are very precise. Whereas previously, cyber attacks could be compared to carpet bombing, they’re now more like precision missile strikes.

What aspects of a business are most at risk?

Financial data are most at risk in the private sector, as this information is very useful and profitable for groups to exploit and sell. The second most at-risk area is business secrets, which are stolen and used to gain a competitive advantage against companies.

How can a company reduce the risk of cyber threats?

Companies should inventory their most sensitive information, that which gives them a competitive edge, and protect it. Traditional intrusion detection and prevention systems, such as firewalls, should be put in place as a first line of defense, but they aren’t completely effective.

To protect extremely sensitive data, companies can hire a security team to monitor and protect their systems around the clock. Businesses can outsource their cyber security and consult with experts to determine what layers of security can be put in place to protect their customer and financial data, as well as their trade secrets.

How are these security systems implemented?

A consultant will look at the data a company maintains and interview its officers to determine how data is prioritized. After the initial discovery sessions, systems will be put in place to see who is accessing what data, where data flows, who has what access level and the patterns of access to determine a security platform that makes the most sense for that particular company.

Initially, the cyber security team will monitor data flow and access for a period of time to build a history and understand what could be considered normal patterns of behavior. This history will then be used to make a strategic security plan.

Once in place, the security team actively monitors cyber behavior. If or when an anomaly occurs, it’s immediately stopped and investigated by the security team in order to find out more about it and defend against it.

There’s a lot more discovery involved in the security consulting process today because of the many networks and extremely large data pools that even a single company can have in place. Also, there is the need to look at these networks and data access actively and have people monitoring it constantly, rather than passively putting a firewall in place and then expecting that it will keep all of a company’s most valuable information safe.

Pervez Delawalla is president and CEO of Net2EZ. Reach him at (310) 426-6700 or pervez@net2ez.com.

Insights Technology is brought to you by Net2EZ

Published in Los Angeles

Data, stored digitally, has become critical to a business’s ability to function. However, major catastrophes — from fires to earthquakes to floods — can cripple hardware and put terabytes of a company’s data at risk in just a moment’s notice. In light of this risk, it is vital to have a business continuity plan in place to protect your digital information.

“A business continuity plan is insurance for your data,” says Pervez Delawalla, president and CEO of Net2EZ. “It ensures that your business can sustain a disaster that affects your ability to access data at your main site.”

But, as with any emergency preparedness drill, you need to implement and practice your business continuity plan now, before you need it, as once a disaster strikes, it may be too late.

Smart Business spoke with Delawalla about data security and the role it plays in a business continuity plan.

What is a business continuity plan and how can it impact a business?

From a technology perspective, a business continuity plan is your strategy for resuming business following a natural or man-made disaster in as short a period of time as possible. Your plan should be based on the type of data you create on a daily basis, how it is being maintained and the amount of time your business can operate without being able to access it.

Business plans differ from company to company. For example, take a retail operation that tracks customers’ purchasing habits, and suddenly that information is unavailable because of a hardware failure. That data set isn’t as critical to the business as its ability to process customer credit cards, which is why a business should have multiple plans based on data type. If you can’t sustain being down more than a few minutes, that data is critical, and that plan will look different than plans that pertain to data you can live without for hours or days.

Business continuity can save a business even when there is no disaster. Accidental removal or deletion of certain data sets can be very damaging to a business. However, if you have a business continuity plan and regularly back up your data, you will have less reason to worry and will be able to sleep much better knowing your data is safe.

What are the elements of a business continuity plan?

First, determine how you will back up your data. Critical information should be backed up every hour. Less critical data can be backed up more infrequently.

Backing up data can be a mundane task, and some companies assume it is happening, only to find out after a disaster that it is not. Make sure data is being backed up and secured off-site so that, if you can’t get to your office, the data is available to you. Your backup site should be outside of your primary location.

Second, you need a plan to restore your data when things come back online. Test your off-site server to understand how much lag time there is until data can be restored and employees can start using it to continue business operations.

Third — and this is where a lot of businesses are now looking — is outsourcing your primary server farm or infrastructure to an outsourced data center. A typical outage or inaccessibility of data can occur because of power or cooling failures, as most buildings are not designed for multiple levels of data redundancy or for a major connectivity failure from the fiber on the street.

Outsourcing your server to a data center means it is housed in a facility with multiple levels of redundancy designed to sustain power outages and that has multiple, high-speed connections coming from diverse entrances so data can be accessed even if the fibers are cut in the street. You can use facilities such as these as your secondary server, no matter where your business is located. Then, if something happens, you will have access to your data and can continue to function.

When should a business continuity plan be implemented?

The minute you have critical data, you need a plan to back it up. It depends on the type of business. If you provide a consulting service and your first few months are spent creating proposals, it is not as critical to back that up as long as you have a second copy or could recreate it. However, businesses with more critical data should protect themselves immediately.

With the economic downturn, many companies cut the aspects of their business continuity plan that dealt with data protection because it doesn’t get used until a disaster hits, and it is an easy area to squeeze the budget. Businesses are saying they have a limited budget and they have to continue to operate, so they will just deal with it when it happens. But by then, it is too late.

How does geographical diversity play into business continuity?

Consider what a disaster can mean to your operations and what your business can sustain in terms of cost. The farther your backup servers are from your primary site, the more it costs to transfer information from one place to another. Smaller companies could likely use a public connection to transfer data without incurring too much cost.

The farther away you keep your data, the more redundancy you can create with a solid plan. However, the more redundancy you create, the more costs increase. It is less expensive if you keep your data closer to your primary location, but it also increases your risk, for example, in the event of an earthquake or hurricane. But, ultimately, the question you should ask is, ‘How long can I afford to go without access to my data?’

Pervez Delawalla is president and CEO at Net2EZ. Reach him at (310) 426-6700 or pervez@net2ez.com.

Insights Technology is brought to you by Net2EZ

Published in Los Angeles

In today’s electronic age, Personal Information (PI) and Protected Health Information (PHI) are being stored on multiple technological devices. Data security is increasingly a concern as companies have become targets for people, both internally and externally, misappropriating private information.

“What is most important in the data privacy arena is for your organization to partner with vendors that have significant experience advising clients on best practices, security and storage policies that deal with data breaches, while complying with state and international data security laws,” says James J. Giszczak, a member at McDonald Hopkins. “This area of law is rapidly changing and it’s critical that the complex privacy laws are both understood and followed.”

Dominic A. Paluzzi, an associate attorney with McDonald Hopkins, says, “More than 562,943,732 data breaches have been reported since 2005, according to the Privacy Rights Clearinghouse. Of course, many have gone unreported, so this figure is more than likely three times higher.”

Smart Business spoke with Giszczak and Paluzzi about data security in the age of technology.

What information is protected and who is impacted?

PI refers to an individual’s name, coupled with a Social Security number, driver’s license number, credit card numbers, credit report history, passport number, tax information or banking records. PHI refers to medical records, health status, provision of healthcare and payment for healthcare.

Every industry is at risk when it comes to data privacy, but some are more critical, such as billing, education, insurance, staffing, health care, retail, manufacturing, accounting, financial services, legal, pharmaceutical and government/military.

Are there certain privacy laws and standards with which organizations must comply?

There are at least 35 federal laws that outline data protection or privacy protections. Forty-six states, the District of Columbia, Puerto Rico, the Virgin Islands and numerous foreign countries have legislation requiring notification of security breaches involving PI and/or PHI. It is where the affected individual resides that determines the applicable notice law.

Many of the regulations include significant penalties for failure to comply. For example, there can be up to $750,000 in penalties to a company for failure to notify affected individuals; $10,000 per violation for officers/directors personally; private civil actions for instances of non-compliance, including punitive damages and attorneys’ fees; and even prison terms of up to five years.

How can an organization minimize the risk of a data breach?

It is critical to have a comprehensive approach to data privacy and network security to limit risk and exposure. For example, a Written Information Security Program outlines an organization’s privacy policies and procedures. It sets forth the various steps your company has taken to secure PI, PHI and confidential information contained in both electronic and hardcopy form.

An Incident Response Plan is the ‘go-to’ document that identifies the appropriate internal and external resources to properly deal with a data breach. It sets forth an Incident Response Team, which is a group of decision-makers, both within and outside an organization in legal, IT, risk, human resources, marketing and public relations.

Be sure to have carefully drafted confidentiality agreements for employees, vendors and visitors to protect PI. Few confidentiality agreements encompass employee or vendor obligations regarding PI and PHI privacy. An indemnification provision can be very helpful in protecting an organization from an employee or vendor whose negligent or intentional acts result in a data breach. In that case, the company can look to the employee or vendor to recover losses incurred when it must notify affected individuals, attorneys general and other state and federal agencies of the breach.

Your company can also reduce the likelihood of an internal data breach by having appropriate IT and electronic policies as part of your data security and asset protection program. These can include a social media policy; computer usage policies that cover cell phones, USBs, laptops and personal devices; a document destruction and retention policy; and a telecommuting policy.

Organizations can purchase coverage from most of the major insurance carriers for third-party liabilities, such as disclosure of employee PI or patient PHI, both through a computer network or off-line; invasion of privacy; defamation; and security or privacy breach of regulatory proceedings. Security and privacy insurance is also available for first-party coverage, such as business interruption, costs to restore or recreate data or software resulting from failure of network security, forensic costs, ID theft resources, credit monitoring and costs associated with statutory notification requirements.

What needs to be done in the event of a data breach involving PI or PHI?

  • Gather the Incident Response Team.

  • Call your insurance agent, law enforcement and an experienced data privacy attorney to maintain privilege.

  • Assign a breach coordinator.

  • Preserve evidence of the breach and secure IT systems.

  • Determine whether breach notification letters need to be sent, who should receive them, when they should be sent and what they should say or not say.

  • Offer credit monitoring to affected individuals and report the incident to credit card companies and credit reporting agencies if applicable.

  • Draft a press release and FAQs regarding the incident so affected individuals are well informed if necessary.

  • Notify appropriate state attorneys general and other state agencies.

A comprehensive approach to data privacy and network security is necessary to avoid a data breach and is the best way to be prepared to respond to a breach when necessary.

James J. Giszczak is a member with McDonald Hopkins PLC. Reach him at (248) 220-1354 or jgiszczak@mcdonaldhopkins.com.

Dominic A. Paluzzi is an associate with McDonald Hopkins PLC. Reach him at (248) 220-1356 or dpaluzzi@mcdonaldhopkins.com.

Insights Legal Affairs is brought to you by McDonald Hopkins LLC

Published in Cleveland

Wednesday, 01 February 2012 14:09

How to keep your proprietary information safe

Any business that uses computers and connects to the Internet is at risk for a security breach. And if your business stores sensitive or personal information, your risk is even greater, says John Peckham, executive vice president/information systems at Bridge Bank.

“Information and systems can be the lifeblood of an organization, and one security event could put you out of business,” says Peckham. “It behooves every business owner to be aware of that.”

Smart Business spoke with Peckham about how to keep your proprietary information and data secure, and how to test the integrity of your information systems.

What should businesses be doing to keep their proprietary information and data secure?

Start with a risk assessment, which will help you understand where your risks are and where you need to focus your attention and resources. A company should focus on its critical assets first. If a company has a lot of intellectual property, that might be the place to start. If it maintains a lot of customer information, particularly confidential customer information, start there.

A business owner may be able to do this internally, but unless it’s a small company, it is wise to get multiple people or departments involved. Owners can gain a lot of insight by speaking with other people in the organization.

Stick to the basics, make sure your policies and procedures are in place and effective, know where your data is and who has access to it, keep things up to date and test your backups — these are all tried and true basics of information security.

How are personal devices posing a security challenge to the IT departments of mid-sized companies?

Companies are seeing an influx of consumer devices in corporate IT, and use of mobile devices is on the rise. Organizations need to think about how these devices fit into their IT strategy. Is it something that you are concerned about, or is it something you want to find ways to embrace?

You have to think about how personal devices play into your security structure, particularly when employees use their own devices to access corporate resources, e-mail, applications and file sharing, especially when sensitive information is involved.

What happens if one of those devices is lost or stolen, or an employee leaves the organization? Every organization needs to look at how it uses technology within the business and make decisions about what is going to be permitted and what is not. It goes back to the risk assessment, and developing policies and procedures around that. If employees are using their iPhones to connect to the corporate Exchange (e-mail) service, a business might want to install security policies on that device that cause data to be wiped from it when the wrong access codes are entered too many times, or when the device is reported lost or stolen.

Employee awareness around this issue is crucial. It is incumbent upon a business to educate employees and make them aware of concerns about the use of technology from a security perspective. It sounds basic, but simple things like reminding employees not to click on links in e-mails that they were not expecting can have a huge impact on your organization’s security.

How should companies test the integrity of their information systems?

Organizations are best served by using an independent third party that specializes in that type of work. There is no substitute for that independence and expertise in terms of doing true testing.

To find the right firm for your needs, start with the key platforms and the policies and procedures that you want to test, and look for a service provider with experience in those areas. Or identify a service provider that has expertise and experience in your industry. In any case, be sure to check the service providers’ references.

What are the common missteps that businesses make when building their information networks?

Not conducting adequate due diligence. With technology, there’s a tendency to ‘focus on the shiny object,’ something that looks really cool. They think, ‘This is the latest and greatest thing. I see everyone else doing it, so now we’re going to get it.’ But how does it really fit into your organization? Is it something that you really need? Is it something that’s going to integrate with everything else that you have? Or is it going to be a disparate system that sits on an island by itself?

You need to spend a lot of time in the due diligence phase when you’re looking at new technologies, new systems, or new service providers. Look at things like how long the provider has been in business. Do they have the financial and operational wherewithal to stay in business long term? Is the new technology going to fit well into your existing infrastructure? Is it something you can integrate, and can you do it in a secure and efficient manner? You need to look at those things, or you may end up with a system that is implemented but never utilized because it really wasn’t thought all the way through.

Another mistake is failing to train sufficiently. New things are just that — new — and it’s not uncommon for a business to implement something and just give it to employees and expect them to pick it up. And that can be a long and frustrating process for both the business owner and the employees. A good training program that’s part of the implementation can go a long way in reducing the learning curve and the amount of time it takes for that technology to become a useful and meaningful part of the organization.

John Peckham is executive vice president/information systems at Bridge Bank. Reach him at John.Peckham@bridgebank.com or (408) 556-8309.

Published in Northern California

With each day, companies are becoming more dependent upon their systems and data. While these changes offer significant opportunities and benefits, they also carry many new and significant risks, including cyber security risks that business owners and management need to be aware of.

To protect your business from cyber security threats, it’s time to start thinking like a hacker. What sensitive or confidential data do you collect, store or transfer that could be compromised? And how vulnerable is that data to attack?

The risk is significant for businesses that do not make cyber security a priority. Failing to put security measures and infrastructure in place can affect a company’s reputation, productivity and bottom line, says Christopher Byrd, manager of Security & Privacy, Risk Advisory Services, Brown Smith Wallace LLC.

“Exponential growth in the access to and use of data can give organizations a competitive advantage, but with that comes increased vulnerability for cyber attack,” says Byrd.

The types of organizations being targeted are becoming more varied, says Tony Munns, member, Risk Advisory Services, Brown Smith Wallace LLC.

“Several years ago, the primary targets were financial services and similar organizations, but we are now finding that other companies with a high dependence upon technology are becoming targets for attack,” says Munns. “The size of the company doesn’t seem to matter, as hackers often choose their targets based on ease of attack and availability of data.”

Smart Business spoke with Byrd and Munns about the cyber threats businesses face and how they can maintain data security.

What cyber security challenges are companies facing?

While companies are not purposely exposing themselves to cyber security risks, many have limited resources to understand and address their vulnerabilities. Today, companies are doing more with less at a time when the number and severity of attacks are on the rise. Companies often focus on keeping systems up and running, while information security drops down the priority list. The greatest challenge is that this is a complex area that is constantly changing, requiring expertise and resources that often aren’t readily available to companies. So, increasingly, they turn to a third party that specializes in cyber security to perform a security audit and testing to identify weak points that can be invitations for hackers.

What impact will companies face because of these issues?

There are many potential impacts if sensitive information is not adequately protected, including direct costs such as fines, investigation, notification and legal fees, and indirect costs, including lost business opportunities due to reputational harm. The impact can also depend on applicable laws and regulations, such as:

  • HIPAA — The Health Insurance Portability & Accountability Act, which addresses the protection of personally identifiable health information.
  • PCI DSS — The Payment Card Industry Data Security Standards, which is aimed at protecting payment (credit, debit) card security.
  • GLBA — The Gramm-Leach-Bliley Act, which is designed to protect personal information collected by financial institutions.

Many industries have regulations in place to enforce data security, and there are more regulations being enacted at every level. In addition, virtually every state has adopted data breach notification laws that companies must adhere to. Exposure of personal information can result in hefty repercussions — cost estimates exceed $200 per record lost. For organizations with hundreds or thousands of records, the financial impact can be significant.

Often, as a result of a security breach, company executives find their time and attention consumed by the response, similar to other types of major incidents.

It is critical today for businesses to establish security measures and an infrastructure that protects data so that if security is breached, there is a record of compliance with laws and regulations. Across the board, there is an emphasis on urging companies to get their house in order on matters of cyber security.

How do cyber security breaches occur?

There are generally two basic types of security incidents. First, there are unintentional situations, such as an employee losing a laptop computer containing company data. In these cases, data security is generally not top of mind, as no one plans on these incidents.

The other security threats are very much intentional. There are cyber criminals who make money by hacking into systems and mining data. Once a system is compromised, the attacker can siphon off data or steal money directly, for example by initiating large bank account transfers.

Recently, there has been a resurgence of ‘hacktivists’ — ideologically motivated hackers that attack an organization to damage its reputation because of a political or social stance. Additionally, there have been a number of recent breaches involving industrial espionage, some purported to have been sponsored by other countries. These attackers can stay embedded in a company while compromising information that provides a competitive advantage.

What can businesses do to protect their interests?

The key is to identify security risks and put an appropriate security program in place. A company’s security program should include a comprehensive security policy with assigned responsibility, risk assessment, security control framework, independent assessment and employee awareness. And, for when all else fails, there should be a response program, which should be tailored to meet regulatory requirements and be regularly tested.

Reach out to an expert to get a security risk assessment and begin developing a plan to protect information from cyber threats. When — not if — a security breach occurs, you want to be prepared with a plan to protect your business interests.

Christopher Byrd is manager of Security & Privacy, Risk Advisory Services, at Brown Smith Wallace in St. Louis, Mo. Reach him at cbyrd@bswllc.com or (314) 983-1374. Tony Munns is member, Risk Advisory Services, at Brown Smith Wallace. Reach him at tmunns@bswllc.com or (314) 983-1297.

Published in St. Louis