In 2006, the FBI partnered with 313 companies who agreed to be in a study about IT security. The companies came from various sectors, such as medical, education, transportation, manufacturing, and many more. Combined, these companies lost over $52 million due to various types of security breaches, including viruses, theft of proprietary information, network abuse, and data sabotage. That’s $167,000 plus per company! You certainly don’t want to be part of that loss.

The FBI asked these 313 companies why they believe more companies don’t report their security losses. Well, 48 percent of the companies in the study said that negative publicity would hurt their stock or image. Another 36 percent said their competitors could use the information to their advantage. I’m sure you could think of many more reasons.

So the costs of IT security breaches are real and devastating to many companies. But realize that there’s power in knowledge. That’s why you need to know what your potential losses are. Only then can you take the proper steps to protect your company.

To that end, I recommend that every company create a Security Incident Management Plan. In this plan you will write exactly how you will:

* Identify security incidents
* Contact law enforcement if appropriate
* Notify anyone whose personal information may have been exposed
* Protect and gather appropriate evidence
* Clean up the problems
* Put appropriate monitoring in place
* Identify lessons learned to better protect the system

Find out more information at:
www.csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf.

What are your thoughts on this topic?