Thursday, June 11, 2015

5 things digital media companies need to do now

5 things digital media companies need to do now



5 things digital media companies need to do now from Grant Thornton LLP
Data breaches and theft of user information can do crippling damage to a digital media company. Creating an effective cybersecurity program is a critical step.
Published in: Business

 Transcript

  • 1. Cybersecurity 5 things digital media companies need to do now grantthornton.com/Cybersecurity
  • 2. Data is central to digital media industry business models Digital media companies use data for: • Collecting user-generated content • Customer credit card information • Communicating via social media • Conducting business operations 2 Are you at risk?
  • 3. Costs of a data breach Data breaches can have major consequences for digital media companies: • Negative press reports • Loss of business • Penalties • Class-action lawsuits 3 Did you know? Snapchat grew rapidly from a 2011 startup, but its swift growth outpaced its security controls, resulting in a 2013 hack and a 2014 data breach.
  • 4. Potential risks for digital media Legal Regulatory Financial Reputation Loss of consumer trust Theft of proprietary information Websites compromised by hackers Fraudulent consumer communications 4
  • 5. 5 critical actions to take now For digital media companies — it's time to take action. Next up, 5 things that digital media companies need to do now to protect their data. 5 Want to get the big picture? Read the full article >
  • 6. #1: Find and face internal risks head-on Employees pose the single greatest cybersecurity risk through malware, phishing, weak passwords and social engineering attacks. Key actions you can take: • Develop and communicate well-defined user policies • Bolster users' threat awareness • Reinforce internal security policies • Monitor everyday threats like unattended computers, unencrypted wireless, unregulated personal devices, etc. 6
  • 7. #2: Fix what you know is broken Key actions you can take:  Patch identified vulnerabilities  Require the use of strong passwords  Enforce two-factor authentication for administrative-level access  Conduct regular vulnerability scans  Encourage consumers to use strong passwords and understand privacy/security settings 7 Most cyberattacks involve previously targeted vulnerabilities or weak passwords.
  • 8. #3: Stay on top of vendors Digital media companies must also address third- party exposures. Key actions you can take: • Understand what every vendor is doing to protect data • Make sure vendors are contractually obligated to protect data • Ensure that vendors receive the appropriate data security reports and independent reviews (PCI DSS, SOC 2 reports, ISO 27001, etc.) 8 Vendor management is a risk for all companies, but digital media companies may be even more exposed. Read more>
  • 9. #4: Make cybersecurity everyone's responsibility Everyone at a digital media company should be involved in cybersecurity. Key actions you can take: • Clearly define responsibility across the organization • Reinforce each department's responsibility • Reinforce each employee's responsibility • Conduct a comprehensive training program • Review cybersecurity programs annually • Continuously monitor vulnerability 9
  • 10. #5: Strive for continuous improvement Digital media companies need to gauge cybersecurity program effectiveness. Key actions you can take: • Conduct regular audits • Distribute findings from weekly cybersecurity meetings • Make security measures into KPIs (time to patch vulnerabilities, time it takes to respond to a data security incident, number of viruses detected per week, etc.) 10 Read the full article for more insights and best practices>
  • 11. The benefits of a proactive cybersecurity program • Market advantage over competitors who do not have mature data security programs in place • Differentiator in attracting venture capital or an acquirer • A defined process for when an attack occurs • Damage limitation from an attack 11
  • 12. Orus Dearman Director Business Advisory Services Grant Thornton LLP 415.318.2240 orus.dearman@us.gt.com Steven Perkins Managing Director Technology Industry Practice Grant Thornton LLP 703.637.2830 steven.perkins@us.gt.com InformationContacts 12 Ready to take a fresh look at your cybersecurity program? Contact Orus or Steve today.

No comments:

Post a Comment