Cybersecurity, Privacy, You, and Your Organization

Cybersecurity and privacy are unique areas that impact you personally and professionally, and they are of great importance for your organization. These are difficult topics of increasing importance, with growing legal requirements, and they are worth the investment of effort. The good news is that your effort benefits you personally and can help improve your organization.

It starts with you, your home, and family

  • The “security dial,” a way to conceptualize the degree of risk faced and the degree of protection desired. This risk analysis allows properly tailored decision making.
  • My Four Pillars of Security, a continual process of improving knowledge and awareness, device security, data security, and network security.

Bring your knowledge to the workplace

Organizations must have reasonable cybersecurity and privacy practices. Sometimes it can be difficult to determine what “reasonable” means, or how to get started. Inertia, uncertainty, fear, time constraints, and compliance costs mean that some individuals and organizations have not yet gotten started. But start they must, and then commit to continual improvement.

Cybersecurity and privacy are a part of good information governance (management), which is part of good organizational governance. The goal is to protect the organization, protect the bottom line, reputation, customers, clients, and employees. This will also put the organization in compliance with legal requirements.

Legal requirements are here and increasing

  • New York passed the SHIELD Act which created a new cybersecurity requirement and enhanced data breach reporting rules.
  • The California Consumer Privacy Act (CCPA) went into effect with national implications, and then the California Privacy Rights Act (CPRA).
  • The National Institute of Standards and Technology (NIST) released their Privacy Framework v 1.0 in 2020.
  • The European General Data Protection Regulation (GDPR) also affects businesses in the U.S.

I discuss the legal requirements in more detail here.

Be diligent and reasonable

Organizations should realize that good cybersecurity and privacy require effort, and there are no magic solutions. It is a challenging area where perfection is impossible but continual improvement is required.

How can organizations do what is reasonable and diligent for cybersecurity and privacy?

Step two is to examine applicable laws and regulations. I call these “external rules” because they come from outside the organization and compliance is required.

Step three is reviewing organization internal rules — policies and procedures. Do they exist? Do they properly align with external rules? Are they based upon good guidance? Are they understandable, practical, and complied with by members of the organization? These internal rules are important to prevent problems, and to properly respond to incidents. They are also required by certain laws or regulations.

Internal policies are needed

  • Cybersecurity (information security)
  • Incident response (including data breach reporting), and
  • Privacy.

All people in the organization should be trained on these governance documents, which should be reviewed and updated periodically.

Again, these documents are an important mechanism for preventing problems and for good governance; they are never just for “show” (see my article Policies, Procedures, and Governance of an Organization).

Prevent a problem, but respond if it has occurred

Next steps (and conclusion)

Organizations should get started too, beginning with the steps above and developing a cybersecurity program. Professional assistance can help bring efficient, quality improvements.

This short article is designed to provide helpful introductory information, and (of course) is not legal or consulting advice, nor tailored to your circumstances.

Additional reading:

This article is also hosted on my website at https://johnbandler.com/cybersecurity-privacy-you-and-your-organization/ where I also include links for additional reading; that version may be more current and better formatted.

Copyright John Bandler, all rights reserved.

Originally posted to Medium 2/5/2020, updated 4/10/2022.

John Bandler

Cybersecurity, cybercrime prevention, privacy, law, more. Attorney, consultant, author, speaker, teacher. Find me at JohnBandler.com