Embed Size (px)
Citation preview
Cybersecurity5 things digital media
companies need to do now
grantthornton.com/Cybersecurity
Data is central to digital media
industry business modelsDigital media companies use data for:
• Collecting user-generated content• Customer credit card information• Communicating via social media• Conducting business operations
2
Are you at risk?
Costs of a data breach
Data breaches can have major consequences for digital media companies:
• Negative press reports
• Loss of business
• Penalties
• Class-action lawsuits
3
Did you know? Snapchat grew rapidly from a 2011 startup,
but its swift growth outpaced its security controls, resulting in a
2013 hack and a 2014 data breach.
Potential risks for digital media
Legal
Regulatory
Financial
Reputation
Loss of consumer trust
Theft of proprietary information
Websites compromised by hackers
Fraudulent consumer communications
4
5 critical actions to take now
For digital media companies — it's time to take action.
Next up, 5 things that digital media companies need to do now to protect their data.
5
Want to get the big picture?
Read the full article >
#1: Find and face
internal risks head-on
Employees pose the single greatestcybersecurity risk through malware, phishing, weak passwords and social engineering attacks.
Key actions you can take:
• Develop and communicate well-defined user policies
• Bolster users' threat awareness
• Reinforce internal security policies
• Monitor everyday threats like unattended computers,
unencrypted wireless, unregulated personal devices, etc.
6
#2: Fix what you know is broken
Key actions you can take:
Patch identified vulnerabilities
Require the use of strong passwords
Enforce two-factor authentication for
administrative-level access
Conduct regular vulnerability scans
Encourage consumers to use strong passwords
and understand privacy/security settings
7
Most cyberattacks involve previously targeted vulnerabilities or weak passwords.
#3: Stay on top of vendors
Digital media companies must also address third-party exposures.
Key actions you can take:
• Understand what every vendor is doing to protect data
• Make sure vendors are contractually obligated to protect data
• Ensure that vendors receive the appropriate data security
reports and independent reviews (PCI DSS, SOC 2 reports,
ISO 27001, etc.)
8
Vendor management is a risk for all companies, but digital media companies may be even more exposed. Read more>
#4: Make cybersecurity
everyone's responsibility
Everyone at a digital media company should
be involved in cybersecurity.
Key actions you can take:
• Clearly define responsibility across the organization
• Reinforce each department's responsibility
• Reinforce each employee's responsibility
• Conduct a comprehensive training program
• Review cybersecurity programs annually
• Continuously monitor vulnerability
9
#5: Strive for continuous
improvementDigital media companies need to gauge cybersecurity program effectiveness.
Key actions you can take:
• Conduct regular audits
• Distribute findings from weekly cybersecurity meetings
• Make security measures into KPIs (time to patch
vulnerabilities, time it takes to respond to a data security
incident, number of viruses detected per week, etc.)
10
Read the full article for more insights and best practices>
The benefits of a proactive
cybersecurity program
• Market advantage over competitors
who do not have mature data
security programs in place
• Differentiator in attracting venture
capital or an acquirer
• A defined process for when an
attack occurs
• Damage limitation from an attack
11
Orus DearmanDirector
Business Advisory Services
Grant Thornton LLP
415.318.2240
Steven PerkinsManaging Director
Technology Industry Practice
Grant Thornton LLP
703.637.2830
InformationContacts
12
Ready to take a fresh look at your cybersecurity program? Contact Orus or Steve today.
