New and emerging cyber security laws are affecting all types of organizations. Regardless of your vertical space or market, you likely have Personal Identifiable Information (PII) related to your customers and constituents. The laws being passed are the result of countless, successful attacks, executed by organized criminal syndicates throughout recent years. It’s now REQUIRED for organizations to protect that PII. If there is a data leak or breach and you have not taken the appropriate and necessary steps to protect confidential information, penalties can reach into the thousands – per record!
In the past, organizations relied on their IT professionals, either in-house or an outside company, to position safeguards in an attempt to mitigate threats and data privacy risks. Today, that’s no longer an option, you must use a third-party, certified resource to evaluate, recommend and implement protective practices.
The substantial amount of high-profile breaches within the last year has caused the focus of lawmakers to shift toward senior executives and boards. It’s now a requirement to have a Chief Information Security Officer (CISO) report out to your relevant board, management team and any other governing operations. Most organizations don’t have a CISO on staff and cannot use their IT personnel or outside IT provider to perform this function. Independence must be maintained, because after all, the fox can’t watch the hen house. Other requirements include an annual risk assessment as well as a formal, User Awareness Training (UAT) program.
Mercadien has been a trusted Managed Security Service Provider (MSSP), well in advance of today’s current threat-landscape. Our team of highly-skilled experts offer practical programs and solutions that address the requirements of these new laws, while protecting your data and IT assets. To learn more about our Virtual Chief Information Security Officer (vCISO) program, and other relevant risk management services, contact me today at email@example.com or 609-689-2339.