"A major cyberattack can have devastating consequences for companies that rely heavily on the Internet and related technology for sales, marketing, inventory management, distribution and related functions," says Linda George, FINPRO department manager for the Pittsburgh office of Marsh Inc.
Marsh recommends the following steps to improve security and manage cyberrisks:
- Convince senior managers that effective security involves people, process and technology, not just technology.
- Have an outside security firm whose core competency is in network and Internet security review your policies and procedures at least once a year and test them regularly.
- If information security management cannot be handled effectively internally, consider outsourcing key security functions such as firewall monitoring and intrusion detection to others whose core expertise is in security.
- Form an interdepartmental committee to assess risks. Look at your e-commerce applications, activities, key risks and strategies to prevent problems or mitigate them.
- Strengthen the due diligence and insurance requirements of your contracts with Internet and application service providers.
- Review your e-mail and Internet use policies and make sure your employees understand them.
- Develop, implement and test your information technology disaster recovery or business continuity program.
- Review your insurance program for potential gaps or limitations in coverage.