October 14, 2019
Why Cyber Strategies Need Personalization
by Keith Moore
Wouldn’t even a misguided attempt at making an organization more cyber-secure be beneficial? Unfortunately, no.
Personalization has taken a variety of industries by storm. Retailers base marketing campaigns on individual customer preferences; financial institutions are revamping their user experiences to cater to specific demographics; and healthcare organizations are offering services based on patient needs and family history. Without the ever-helpful “you may also like” features and individually customized dashboards, companies like Amazon and Netflix would be nearly unrecognizable, and certainly less appealing.
There’s one critical aspect of business — something that affects every industry — that’s woefully behind on personalization, however: cyber protection. With media outlets constantly reporting on the latest large-scale data breach like this summer’s Quest Diagnostic attack or the First American Financial leak, it’s easy to get swept up in all the fear-mongering and reactively incorporate as many cybersecurity tools and services as possible, no matter their relevance. For small and medium-sized businesses (SMBs), in particular, it’s especially tempting to blindly emulate larger organizations’ defense strategies, as most SMBs are understandably short on knowledge and resources when it comes to cybersecurity and cyber insurance.
Devising Cyber Protection Strategies Isn’t One-Size-Fits-All
One could argue that any efforts toward cyber protection should be applauded. Data breaches have become an inevitable part of doing business today, so wouldn’t even a misguided attempt at making an organization more secure be beneficial? Unfortunately, no.
Devising cyber protection strategies isn’t a generic, one-size-fits-all process. Rather, it’s akin to prescribing medicine. Just as physicians base their treatment plan on an individual’s specific symptoms, companies need to institute an approach to cybersecurity that incorporates their organization’s unique characteristics and needs.
See also: Where to Turn for Cyber Assistance?
Consider the cyber protection needs of, say, a bakery. While a bakery may need to consider implementing defense mechanisms for its business email account(s), CRM solution and digital document storage, its cybersecurity requirements are fairly straightforward. A basic cyber insurance policy could prepare a bakery for any worst-case scenarios in which customer payment records are exposed, for instance, or sales temporarily dip due to a damaged brand reputation post-breach.
Now look at an urgent care clinic, for which cyber protection can literally be a matter of life and death. Any internet-connected healthcare device, such as a heart monitor or IV, needs to be thoroughly secured to prevent patients from undergoing serious harm. Email, phone and text communications between physicians, nurses, specialists and patients should be encrypted. With healthcare organizations required to retain patients’ medical records for anywhere between two and 30 years (depending on the state), secure digital storage and back-up services must also be considered. In addition to all the tactical cybersecurity considerations that an urgent care clinic needs to take into account, it also has various regulations and audits it must comply with, such as HIPAA and HITECH. Steep fines and severe reputational damage await any healthcare organization that fails to comply.
Evolving and Future Business Needs Must Also be Considered
Not only do organizations need to personalize their cyber protection strategies by prioritizing their businesses’ unique needs, they also need to consider how those needs may change. A new law office may not have much client data to secure in its first six months of business, for example, but, once it’s amassed a few years of cases, the firm’s data security and storage requirements will drastically change. The type of data that a growing law office collects could change, as well. After a decade in business, if the firm decides to branch out to handle personal injury cases, for instance, it will have to adjust its data security strategy to accommodate patient health information.
See also: Cyber: No Protection Against Complacency
Prioritize Personalization to Secure Critical Assets
Rather than getting distracted by what Target or Facebook is doing to protect their digital assets, take the time to assess your business. Conduct a comprehensive evaluation of your current cyber protection efforts to determine what’s working and what’s not. Look for any major vulnerabilities such as insecure websites or lax Bring Your Own Device or Shadow IT practices, and map out how your cybersecurity requirements stand to change over the next one to five years.
Any organization — no matter its size, industry or available resources — can establish a custom cybersecurity and cyber insurance plan and leverage it to more effectively plan for and prevent devastating cyber attacks.