How to protect your US company's sensitive information

Rising Cybersecurity Threats

As we are well aware, the COVID-19 pandemic forced organisations to pivot suddenly to a remote workforce at the beginning of 2020. A year and a half later, many organisations have no intention of returning to a fully onsite workplace due to the positive benefits of working from home for both employers and employees.

However, the rush to set up remote work programs has left security gaps that are actively exploited by cybercriminals, such as exploitation of remote access solutions, email thread hijacking, and vulnerable or compromised endpoints (i.e., employee desktops, laptops, and mobiles devices).

For these reasons, data protection has become increasingly important, and companies need to protect their sensitive information, whether that is the personal data of employees or customers, or intellectual property, marketing strategy, client list, banking references and other confidential business information.

How a data protection program can help

A data protection program is a critical component of data governance for any company operating in the US for several reasons:

• It forces companies to consider the adequacy of their security practices.
• It protects against the legal, financial and reputational risks resulting from data security incidents or breaches.
• It is often required by specific statutes (sectoral or state laws in the US, or the GDPR in Europe).
• It can be an excellent defence against liability in the event of a data security incident or breach.

Companies with US businesses should create and maintain a data protection program as part of their overall data governance strategy. In addition, they should consider including cyber insurance and commercial crime insurance to their business insurance coverage:

• Cyber insurance protects against liability arising out of data breaches and other cybercrimes that may compromise sensitive data.
• Commercial crime insurance provides coverage against losses stemming from business-related crime, such as cybercrime and funds transfer fraud* and can cover losses suffered by both the insured company and its clients.

How ZEDRA can help

We can provide your US company with an appropriate Data Protection Program that you can adapt to your needs and assist you in obtaining cyber and commercial crime insurance. Contact Raphaël De Roubin to learn more about our Business Risk Management services.

*The FBI and Secret Service are warning companies of significant reported increases in funds transfer fraud. This is when criminals use malware or email phishing to impersonate vendors, executives or banks to convince organizations to wire funds to accounts under the control of the criminal.