Cybersecurity and data protection are huge concerns for every modern business and organization, whether big or small. Surprisingly, however, most teams spend an inordinate amount of time on preventative measures but cut corners when it comes time to imagine, and prepare for, the worst-case scenario. This is unfortunate because there are two types of companies in the world: those that have been hacked and those that will be.
What you do during and after an attack, and how you do it, is just as important as what you do before. For instance, during a data breach, it is incredibly important that your security team regains control of your systems and data access points, blocks access to offenders and then prevents further breaches in the short time thereafter. Amazingly, most companies take more than six months to detect a data breach. That is an incredibly long amount of time for attackers to have access to your data and systems.
It’s time to heed the warnings about cybersecurity. Preventative measures are beneficial, but they’re only one piece of this critical puzzle.
1. Inform Clients and Customers ASAP
After a breach, your brand won’t be the only casualty. Your clients and customers are also at risk, which means it’s incredibly important to disclose the breach to them as soon as possible. Believe it or not, many organizations choose to hide this information because they worry about how it will affect their company’s reputation. Exactly the opposite is true, however: the longer you withhold information about a breach, the worse your reputational damage is likely to be.
Just consider Equifax, one of the biggest financial middlemen in the United States of America. They not only withheld information about a breach, one which detrimentally affected millions, but also played dumb about the fact that the breach could easily have been prevented. The company began staring down a tidal wave of lawsuits alleging severe negligence just days after making the breach publicly known.
Don’t believe for a moment this is an issue you can hide from the public. Protect your customers and yourself by announcing news about a breach as soon as you find out.
2. Adhere to State and Federal Laws
Many states require that you file a notice with your attorney general’s office if over 500 customers were affected and notified about a breach. That’s just one example of a regulation you may need to comply with. Another requires that you send written notice to customers who have been affected. Failure to do so could result in serious fines.
To make matters more complex still, your industry may have a regulatory body that enforces its own rules pertaining to customer data and security. Make sure before a breach happens that you know all the rules and regulations that apply to you, and that you know how to follow the necessary protocols. Even more pro-consumer government oversight may be on the way. Stay informed and educated.
3. Adopt an “Incident Response” Strategy
You should create and regularly maintain an incident response plan to deploy during and after an attack. The attack may still be ongoing even when you discover it, so taking rapid and appropriate action will be incredibly important going forward.
Your plan should take into account parties such as attorneys and legal teams, IT forensic professionals, vendors, third-party services and even customer outreach. Have a clear-cut action plan for every team or professional in your arsenal as well as a defined reaction to various events.
Don’t forget to educate and include your team and workers in your response strategy, too. Proper handling of payroll and similar systems after a breach is a great example. It’s one system you might not think to consider when so much data is at stake, but you definitely should have proper response strategies and metrics across all your channels and data streams.
4. Call In IT Forensics, Stat
If someone is wounded, the first thing you do is get in touch with a medical professional. Then, you get to work trying to understand and treat the injury.
Likewise, as soon as you realize there’s a breach, get in touch with a professional forensics team. A good idea is to sit down with said forensics and security teams and hash out a plan of attack before a breach. Know what you should be doing and what you should wait for them to do. Furthermore, understand response times, administrative tools at your disposal and potential weak points in your network.
Just because you outsource security and support doesn’t mean you should remain in the dark about the entire process. It all begins with you and your team.
5. Have Cyber Insurance
Many major insurance carriers now offer cyber insurance plans. Three-quarters of such policies provided by Travelers, for example, cover damages up to $5 million. These policies may or may not cover legal and forensic fees, customer outreach expenses, credit monitoring tools, court costs, litigation funds and more. They can also get you directly in touch with security and data experts who understand the entire process better than you ever could.
In some cases, it might feel hard to justify this expense. Just remember that insurance policies like this are wholly useless after an attack happens. Get yourself covered before the worst happens.
Have a Thorough Contingency Plan: Cover Everything
Finally, remember to weigh the overall impact of your actions along every major touchpoint in your security journey. Factor this back into your overall contingency plan. How do you prevent further data loss? How do you revoke access from unscrupulous parties? Is it possible to use encryption to make data useless even if it is stolen? Who can you call for aid to help assess the damage? When and how do you inform your customers or partners?
“The opinions expressed by BizWitty Contributors are their own, not those of BizCover and should not be relied upon in place of appropriate professional advice. Please read our full disclaimer.”