A cyber attack on a company, regardless of its size, is unfortunately extremely likely, and the threat is only escalating, according to the Securities and Exchange Commission, and as we've said before.
However, even though the threat is universal, it doesn’t mean companies use the same defense plan.
— HousingWire (@HousingWire) April 23, 2016
In follow-up to HousingWire’s recent webinar on cyber security, Debbie Hoffman, chief legal officer at Digital Risk, answered the question: “Since companies are diverse in size and complexity and the amount and types of sensitive/privatized information that companies possess varies, how much security is enough?”
“In order to gauge the level of security (e.g., security policies and procedures; system firewalls; solution software; etc.) that a company should have in place, a company should first think through the information assets it holds that may be attacked by hackers,” Hoffman said.
In Experian’s case, hackers breached the company’s systems and stole 15 million people’s personal information, including their name, address, Social Security number, date of birth, and an identification number – in many cases, their driver’s license number, military ID, or passport number.
Hoffman said that it is vital for a company to establish the types and amount of sensitive/privatized information it possesses in order to determine the methods and “best practices” it should implement to maximize security and minimize the risk of a security breach.
“While there are a number of security frameworks that provide universal guidance for companies, every enterprise faces its own challenges and risks,” she said. “Simply mirroring another company’s or agency’s cyber security program does not translate to effective risk management.”
Cyber security does not have a “one size fits all” solution.
“When developing and implementing a security framework that ‘fits,’ companies must return to fundamentals: understand the business and the business strategy; know what assets the company possesses; understand threats to similarly situated companies, and align security with the enterprise’s mission. Focusing clearly on risks and a company’s current cybersecurity maturity will help direct a company to focus its efforts on the appropriate areas,” Hoffman said.
For all the information provided in the webinar by Hoffman and the other two panelists, Patrick Dennis, president and CEO of Guidance Software, and Jim Halpert, partner at DLA Piper, check here.
The information includes:
- Cybersecurity risks that lenders are exposed to on a daily basis
- Detailed explanation of how companies are exposed to security breaches
- An overview of the privacy laws that govern lenders
- Proactive measures that should be taken by company executives and their operations teams
- Developing cyber security mitigation plans