Willis Towers Watson CISO Shares Security Tips To Small Companies

Cyber risk management has become a top-of-mind issue for organizations worldwide. Cyber security and data protection have bombarded their way into the boardroom – and they’re there to stay as companies battle an ever-changing landscape of cyber exposures.

But what if your organization doesn’t have a C-suite and a boardroom? What if you don’t have a chief information security officer (CISO), or any staff with any security expertise?

Matt Palmer, CISO at Willis Towers Watson, shares some cyber security tips for smaller organizations without the luxuries of capital, enterprise scalability and cyber expertise.

“There are great opportunities that come with being a large organization like Willis Towers Watson, because we’re able to scale up and deliver enterprise-wide security solutions. However, that’s a tremendous luxury that not everybody has. Even companies of a fairly significant size (with maybe 10,000 employees) will struggle sometimes to deploy enterprise-grade security capabilities,” said Palmer.

“Smaller enterprises need to take a slightly different approach. The most important thing is for them not to view cyber security purely as a technology issue and outsource it to a chief information officer (CIO) or to a third-party service provider. Whatever the size of the organization, the accountability should begin and end at the board.”

There are lots of strict rules and regulations worldwide around cyber security and data management. If smaller organizations view regulation as an “overwhelming overhead,” that will disrupt their ability to do business, according to Palmer.

Rather, every company should view regulations as “sensible and common sense” guidelines that assist companies with their everyday business and grant them protection for the data and information they hold, he said.

“It’s important not to view legislation as the enemy or something separate to security. Instead, legislation should play a part in boosting a company’s understanding of what their security priorities should be and how they should manage their data,” Palmer added.

“At the end of the day, most security really boils down to getting the basics right, as opposed to buying complicated and expensive technologies.

“If an organization operates high quality processes, understands what they’re doing with data, and has decent protection in place, then they’re off to a good start. If they can’t complement that with internal security expertise, they can always look externally. Even a large company like Willis Towers Watson will outsource some of its security expertise and monitoring. Smaller organizations can do that just as easily as we can.”
