Data breaches and theft of user information can do crippling damage to a digital media company. Creating an effective cybersecurity program is a critical step.
2. Data is central to digital media
industry business models
Digital media companies use data for:
• Collecting user-generated content
• Customer credit card information
• Communicating via social media
• Conducting business operations
2
Are you at risk?
3. Costs of a data breach
Data breaches can have major consequences
for digital media companies:
• Negative press reports
• Loss of business
• Penalties
• Class-action lawsuits
3
Did you know? Snapchat grew rapidly from a 2011 startup,
but its swift growth outpaced its security controls, resulting in a
2013 hack and a 2014 data breach.
4. Potential risks for digital media
Legal
Regulatory
Financial
Reputation
Loss of consumer trust
Theft of proprietary information
Websites compromised by hackers
Fraudulent consumer communications
4
5. 5 critical actions to take now
For digital media companies — it's time to
take action.
Next up, 5 things that digital media companies need to
do now to protect their data.
5
Want to get the big picture?
Read the full article >
6. #1: Find and face
internal risks head-on
Employees pose the single greatest
cybersecurity risk through malware, phishing,
weak passwords and social engineering attacks.
Key actions you can take:
• Develop and communicate well-defined user policies
• Bolster users' threat awareness
• Reinforce internal security policies
• Monitor everyday threats like unattended computers,
unencrypted wireless, unregulated personal devices, etc.
6
7. #2: Fix what you know is broken
Key actions you can take:
Patch identified vulnerabilities
Require the use of strong passwords
Enforce two-factor authentication for
administrative-level access
Conduct regular vulnerability scans
Encourage consumers to use strong passwords
and understand privacy/security settings
7
Most cyberattacks involve previously targeted
vulnerabilities or weak passwords.
8. #3: Stay on top of vendors
Digital media companies must also address third-
party exposures.
Key actions you can take:
• Understand what every vendor is doing to protect data
• Make sure vendors are contractually obligated to protect data
• Ensure that vendors receive the appropriate data security
reports and independent reviews (PCI DSS, SOC 2 reports,
ISO 27001, etc.)
8
Vendor management is a risk for all companies, but
digital media companies may be even more exposed.
Read more>
9. #4: Make cybersecurity
everyone's responsibility
Everyone at a digital media company should
be involved in cybersecurity.
Key actions you can take:
• Clearly define responsibility across the organization
• Reinforce each department's responsibility
• Reinforce each employee's responsibility
• Conduct a comprehensive training program
• Review cybersecurity programs annually
• Continuously monitor vulnerability
9
10. #5: Strive for continuous
improvement
Digital media companies need to gauge
cybersecurity program effectiveness.
Key actions you can take:
• Conduct regular audits
• Distribute findings from weekly cybersecurity meetings
• Make security measures into KPIs (time to patch
vulnerabilities, time it takes to respond to a data security
incident, number of viruses detected per week, etc.)
10
Read the full article for more insights
and best practices>
11. The benefits of a proactive
cybersecurity program
• Market advantage over competitors
who do not have mature data
security programs in place
• Differentiator in attracting venture
capital or an acquirer
• A defined process for when an
attack occurs
• Damage limitation from an attack
11
12. Orus Dearman
Director
Business Advisory Services
Grant Thornton LLP
415.318.2240
orus.dearman@us.gt.com
Steven Perkins
Managing Director
Technology Industry Practice
Grant Thornton LLP
703.637.2830
steven.perkins@us.gt.com
InformationContacts
12
Ready to take a fresh look at
your cybersecurity program?
Contact Orus or Steve today.