|
|
|
 |
Addressing Security Threats |
|
|
 |
|
Businesses face computer viruses, theft, and other crimes that can interrupt operations and impact bottom lines. Detecting these threats before they occur is essential yet challenging.
The events of September 11th and its aftermath continue to dominate business thinking around the world. However, business executives and security directors must deal with a wide variety of other, more routine security threats every day. Maintaining a safe and secure environment is a critical yet challenging task. The security threats can seem endless.
"In this new post-9/11 era, a new philosophy is required — a philosophy of shared responsibility, shared leadership and shared accountability. The federal government cannot micromanage the protection of America."
Tom Ridge, Homeland Security Secretary, Washington Post, 2/25/2004
Computer viruses, theft, and other crimes can be difficult to detect until after the fact and can cause significant business interruptions with corresponding financial impacts to companies. They demonstrate the need for security and crisis intervention, planning, and training.
Routine business operations also can expose companies to security threats. For example, organizations outsourcing more of their critical business functions to third-party vendors, whether they are located domestically or overseas, need to recognize the potential security risks that coincide with such actions. Such partners may not operate under the same legal codes and/or have sufficient internal controls in place to assure the safety of clients’ data.
In addition, businesses in many industries are being subjected to new laws, regulations, and mandates aimed at improving overall security. However, compliance often requires internal monitoring and control procedures, vulnerability assessments, and security enhancements. Designing and implementing such infrastructure can seem like a daunting task.
To protect against the ever-present threats to human life, property, and business operations and assets, organizations need to proactively manage a wide variety of security risks. But where to start?
"The MyDoom virus has spread rapidly across the Internet, infecting nearly a half-million machines by some estimates. Those computers then become 'zombies,' which can be used to attack other computer networks by flooding them with data, or for other nefarious purposes."
The New York Times, 2/2/2004
Executives interested in addressing security risks within their organization and developing appropriate responses to each must consider complex questions such as:
- Have we identified the credible security threats facing our organization? Have we reviewed our security plans based on these credible threats?
- Are we outsourcing critical business operations and, if so, are we confident in the security procedures of our vendors?
- Are our procedures and policies current? Are they adequately integrated with appropriate federal, state, and local officials and the surrounding community?
- How able is our IT security system to protect critical business functions from electronic viruses, worms, and other malicious software?
- Is our internal staff adequately trained to deal with a security threat?
- Are we compliant with the security regulations that impact our industry sector?
- Do we need to update/upgrade our facility’s physical security?
- In the event of a security breach, do we know how to effectively communicate with internal and external audiences?
"Sen. Dianne Feinstein, D-Calif., urged major U.S. financial services and accounting firms to be cautious about outsourcing sensitive work such as tax preparation. ‘I am gravely concerned that consumer data is being sent overseas without proper safeguards’, she wrote to chief executives."
USA Today, 2/23/2004
To help understand, prepare for, protect against, recover from, and mitigate the variety of security risks facing them, executives should consider the following services:
Business Continuity Planning — Identifies critical business and IT processes and strategies that a company can implement in order to mitigate the effect of a security disruption on its organization.
Business Risk Consulting —Identifies, prioritizes, and assesses the critical business risks across the enterprise to ensure an effective, corporate-wide plan to proactively manage security-related issues.
Critical Incident Prevention and Planning — Helps organizations deal with issues involving compromises in company security, threats of violence, and critical incidents.
Claims Consulting — Provides a review of a company’s property insurance policies and assists with measuring, documenting, and recovering major direct or indirect losses through claims services. Develops plans for handling self-insured disability and third-party claims. Provides dispute resolution services and insurance claims accounting and preparation services.
Emergency Response Planning — Helps companies develop and execute effective decision-making and protective strategies for potential threats, including fires and explosions, terrorism, natural hazards, hazardous material spills, utility outages, and rescue.
Forensic Accounting and Claims Services — Helps ensure organizations have adequate controls and are appropriately addressing the risk of theft and fraud by assisting proper investigation of security breaches.
Forensic Technologies — Investigates network attacks, finds facts, evaluates culpability, assesses financial and programmatic losses, recommends corrective action, and provides litigation support for incidents requiring legal action.
Information Technology Risk and Security Services — Deploys solutions to help organizations secure their information technology and data, mitigate corporate and personal liability, and minimize abuse of computing resources.
Property Risk Consulting — Through proven assessment and evaluation, provides property protection solutions covering a wide range of risk issues, including security, fires, natural hazards, and explosions.
Strategic Risk Communications — Develops effective strategies to communicate to internal and external audiences.
Risk Technologies — Develops technology and provides related services such as data and incident management and assistance with business continuity planning to help companies reduce the cost of risk associated with security management
Workplace Violence Consulting Services — Identifies risk issues through a workplace violence assessment, reviews and/or develops response protocols, provides management and staff training as well as drills and exercises, and offers specific consulting services around hostile situations.
For more information about how Marsh can help your business prepare for, manage, and recover from unexpected security threats, please contact us.
|
|
|
|
|
|
|
|
