IT Security Plan

Why do I need a Written IT Security Plan?

Does your company have a Written IT Security Plan (WISP)?  If not, you could be an easy target for cybercriminals, lose lucrative business, and potentially end up on the wrong side of the law.

For example, companies are increasingly requiring lengthy compliance documents from organizations with whom they want to do business. Without a WISP, it is hard to comply in a timely fashion, which means you could lose hard-won business to a competitor who already has their security program in place and documented.

Consider these findings in the recent Verizon Data Breach Investigations Report:

  • 97% of breaches were avoidable through simple or intermediate controls.
  • 79% of victims were targets of opportunity.
  • 85% of breaches took weeks or more to discover.
  • 92% of incidents were discovered by a third party.

This is a pretty dismal state of affairs, but if you create a WISP and the controls that go with it, then train your employees with good Information Security Online Training, you can avoid the all-too-common, and increasingly expensive scenario of finding out from a third party that you’ve been leaking sensitive data for weeks just because you missed an obvious (and potentially embarrassing) step in securing your data.

If you are an SMB then a WISP might sound like a lot of work, but consider the exposure you suffer if you continue to delay implementing a WISP.

If your company suffers a security breach and does not have a Written IT Security Plan (WISP), then your regulatory and business problems will likely multiply.  Indeed, in some states (especially Massachusetts) the penalties can be severe, and don’t expect to be let off with a slap of the wrist just because you are a small company.

Kaliber Data Security’s Certified Information Security Professionals are specialists in the development of IT Security Plans.

Contact us today for a free consult on an IT Security Plan which should be the cornerstone of your Information Security Management System.