Yes, this is another reminder! Aren’t we all tired of hearing about hacks and breaches and identity theft? There are almost daily articles, warnings and some huge, disastrous examples – it can be easy to become blasé.
All experts agree – whether your company is big or small – it’s not if, but when you’ll get hit.
Prevention is still important:
- Stick to training and pay careful attention to phishing – a very common cause of breaches.
- Use software, tools and updates to prevent easy access.
- Take great care with mobile devices, public WiFi, and working from home, where protections may not be at the same level. Also implement employee training.
Prevention on its own is no longer sufficient – you must have a mitigation or response plan (not just hope for the best)! Start with three questions:
- Who needs to be involved?
  - You’ll need a team of both internal and external experts.
  - A plan needs to be implemented; it’s the people, flexibility and resources that are key to success.
  - Outside expertise starts with an experienced attorney who can help manage the process, assist with regulatory notification, and keep confidentiality foremost.
  - IT specialists, engaged by your attorney, are critical in determining what happened, how to fix problems, and carefully preserving evidence.
  - A PR firm to assist with managing and restoring your firm’s reputation.
- What steps must be in your plan? You will need to figure out and know:
  - What exactly happened: an intrusion, theft of exactly what data, destruction or lock-down of your website, etc.?
  - What are the possible implications: lost revenue from an inoperative website, ransom demands, identity theft of personal or health records?
  - What notifications are required by law and/or to protect your reputation: police & FBI, SEC, individual victims?

Remember, plans must be tested and practiced to succeed in times of chaos.
- How can backup be helpful? You don’t have to do this on your own!
  - There are many websites to help with information and experts. Search for “data loss help,” for example.
  - Consider cyber liability insurance; it’s a great option and provides many resources. On the insurer’s website you can find: breach coaches (attorneys), forensic IT specialists, PR firms to help with messaging, notification services (call centers) to deal with victims, breach planning templates, and employee and IT staff training.
  - Insurance not only offers expert resources, but can also pay for most or all of these costs.
Plan – don’t panic! Call or email Charles (510-685-3883 | firstname.lastname@example.org) with any questions or concerns about your unique situation. There’s never a charge for brainstorming.