At the annual CFC Forum 2014, Vern Dosch, NISC’s President and CEO, led a panel on cybersecurity which included Tom Ridge, former Pennsylvania Governor and the first U.S. Secretary of Homeland Security, and Howard Schmidt, Cybersecurity Coordinator for President Obama from 2009 to 2012. During the presentation, which can be viewed in its entirety on CFC’s website, Dosch tracked the panelists’ recommendations. You can listen to a recap of recommendations and review the panel’s list of actions designed to protect organizations against cyber attacks.

1. Adoption of PCI compliance best practices as it relates to protection of credit card information is critical.
2. Adopt a social engineering policy specifically as part of employee education, and do mandatory education in this area as it relates to social engineering, phishing, Internet look-alikes as well as email hoaxes such as survey and prize scams.
3. Coordination between operations, outside employees and the IT department.
4. Perform annual security audits, and, if possible, aligning the organization with a vendor that can do continuous cyber-monitoring.
5. Consider purchasing cyber insurance.
6. Perform an inventory of the system and work to identify the organization’s vulnerabilities as well as potential high profile targets.
7. Establish a local mobile security strategy as it relates to the organization’s network to address the growth and pervasiveness of mobile devices that are either issued by the organization or belong to the employee.