Good cybersecurity depends on all employees following company policies and procedures. Here’s how to ensure that happens.

In early 2018, LogicManager surveyed hundreds of risk managers in a wide range of sectors to see what they considered to be their company’s most pressing problem, and 72 percent said cybersecurity.

Today, technology is an inescapable reality of the financial sector. From simple email communications to the various personal records and other sensitive data mortgage originators collect, technology continues to permeate every level of the financial services industry.

The risks associated with cybersecurity and privacy are substantial, as is the impact they can have on an average company. Risks like system downtime, human error, and other business continuity concerns can create increased burdens across the mortgage supply chain.

New privacy regulations following the General Data Protection Regulation have spawned state regulations such as the New York Department of Financial Services cybersecurity regulation NYCRR 500 and the California Consumer Privacy Act of 2018. These regulations are increasingly making change management a major concern.

The Mortgage Industry Faces Significant Consequences from Cybersecurity Incidents

The mortgage industry’s strict compliance requirements often slow the adoption of new tools and technologies. To make matters worse, hackers usually aren’t spending inordinate amounts of time and energy trying to hack into a secure system. Rather, they’re looking for low-hanging fruit, which isn’t hard to come by.

Unfortunately, as the mortgage world and financial sector become increasingly digitized, the risk of a cybersecurity incident becomes ever more likely.

Risks such as regulatory non-compliance can result in significant financial costs, as regulators and lawmakers hold companies under ever-increasing scrutiny, in the wake of public outrage following data breaches at Equifax and Wells Fargo. I call this the See-Through Economy.

The good news, however, is that effective cybersecurity doesn’t require massive technology investments. All cyber-attacks are preventable with effective enterprise risk management that is supported by proper governance and infrastructure.

Of course, a robust cybersecurity program should incorporate technology, but that technology will only properly function with good governance and a proactive mindset at all levels and departments of an organization.

Getting Risk Managers and Security Professionals on the Same Page

Cybersecurity professionals and risk managers often aren’t speaking the same language. Risk managers, by nature, must be comfortable with a certain amount of risk. Their job is to prioritize the most likely risks that will have the most impact and mitigate those first.

Cybersecurity professionals, on the other hand, see risk differently. For them, failure isn’t really an option, as the consequences of a data breach can be disastrous for a company.

Risk managers can serve as champions for cybersecurity professionals. Because the consequences and costs of a data breach are so high, risk managers can serve as intermediaries between the security professionals and company leadership, including the board of directors.

Good Cybersecurity Governance Requires an Effective Security Culture

Risk managers can also work with cybersecurity professionals to construct an effective corporate “security culture.” As I mentioned earlier, the best technology is rendered ineffective if company policies and procedures aren’t properly implemented or followed.

Good governance transcends silos and ensures that employees across all departments at all levels of the organization are on the same page when it comes to cybersecurity do’s and don’ts.

The first step companies should take in proactively mitigating cybersecurity risks is to implement a control: an employee policy, in this instance.

Then, require employees to complete a certain number of interactive training courses on that program on a weekly or monthly basis.

Third, ensure employees understand the new policy and training, and are changing their behavior as a result.

Companies should prioritize their employees learning how to operationalize cybersecurity policies across all departments and levels, how to monitor the effectiveness of cybersecurity programs, how to assign cross-functional accountability for cybersecurity responsibilities, and how to demonstrate ongoing success to the board of directors.

Training alone is not an effective cybersecurity program, as it lacks the governance and follow-up procedures which ensure employees actually follow the policy. Even if they sit through a security training program, employees won’t change their behavior unless they know someone’s going to check in on them or feel it is a crucial element of the company’s risk culture.

Training works best as part of a robust enterprise risk management program, supported by the right infrastructure and governance. For cybersecurity and privacy best practices, risk professionals can start with “How to Manage Your Cybersecurity Risks,” an educational on-demand video course we initially produced for our customers.

Cybersecurity requires an “all-of-organization approach.” Cybersecurity is not and cannot be the sole responsibility of the security team. Empowering all employees, at all levels and across all business areas, to identify and report cybersecurity risks is key.

However, it’s critical that risk professionals partner with cybersecurity professionals to fully understand the risks and the consequences of lax cybersecurity, in addition to comprehending their own level of responsibility when it comes to securing access to information and systems, and in ensuring internal adoption and compliance with company policies.

 

Steven Minsky

Steven Minsky is the CEO of LogicManager and author of the RIMS Risk Maturity Model.

 
