Spend time taking an inventory of your organization’s data assets. Data is the most important element of your organization, so understanding its composition and location, as well as who can access it, it will allow you to determine its value and develop ways to protect it. One you’ve mapped and classified your data, you can make sure it’s formally managed throughout your organization by developing proper governance and auditing policies.
Step Two: Evaluate vendors.
Make sure that your vendors take data protection seriously. You can determine the effectiveness of your vendors’ cybersecurity programs by conducting an assessment. Make sure that any partner you work with, technology or otherwise, is able to demonstrate that your data is stored in accordance with industry security and compliance requirements. This is especially important within the alternative investment sector. Data centers should meet SSAE16/Type II and ISO27001 standards and offer intrusion detection and continuous monitoring to ensure uninterrupted service and enhanced cybersecurity protection.
Step Three: Know your risk.
You can determine how vulnerable your organization is to a data breach by hiring a third party to conduct vulnerability and penetration testing. The results will alert you to your firm’s internal and external security gaps, their potential business impact and the appropriate remediation steps. Once you’ve determined your risk profile, there are four key methods to risk management: mitigation, which involves applying compensatory controls to reduce the potential likelihood and impact; transference, which is when risk is transferred to a third party; acceptance, which is the practice of accepting the known risk; and avoidance, which involves eliminating the risk entirely. Understanding and categorizing the risks will allow you to make informed decisions that will protect the mission and assets of your organization.
Step Four: Develop a plan.
Cybersecurity is not just a technical issue- it’s a management issue with far reaching impact for your entire business. You should work with a technology partner to ensure you have the right resources in place to prevent and respond to a breach if one occurs. The technology partner can help you put together a comprehensive program that covers testing, employee training, and the necessary solutions, such as encryption, multifactor authentication, firewalls, in addition to others.
