Michael Best Partners Kirk Pelikan and Elizabeth Rogers co-authored the article, “A Guide to Implementing Best Security Practices—Before the Inevitable Breach” which was featured in The Last Watchdog on October 29, 2018.
The United States has experienced the most cybersecurity breaches in the world and the Equifax Breach was one of the first to be considered a “mega breach.”
The headlines immediately attempted to lay the blame, in large part, on the fact that Equifax’s chief information security officer was a music major and did not have a background in technology. Equifax was not special in this regard.
In fact, recent research reveals that about 60% of information security stakeholders have an IT background, but about the same share lack formal technical training. That being said, there is no body of evidence indicating a direct correlation between an information security stakeholder’s non-technical background and the likelihood of a breach.
If having a skilled technical staff isn’t critical, then what arrangements should a company have in place to mitigate the occurrence of a data breach and to avoid the fines and penalties that can follow? In the absence of a law that contains prescriptive requirements (e.g., the Health Insurance Portability and Accountability Act (HIPAA)), the answer is generally that a company should implement a “reasonable data privacy and security program” under all circumstances.