5 Ways to Prepare for a Cyber Attack

Is your business prepared for a cyber attack? It should be, writes Roberta Anderson of K&L Gates:

“As the incidences of cyber attacks escalate, the costs associated with attacks are also increasing. In data breach cases, companies may incur substantial expenses relating to federal and state notification requirements… Companies may also face governmental and regulatory investigations, fines and penalties, and lawsuits seeking damages for lost or stolen data, invasion of privacy, misappropriation of intellectual property or confidential business information, or other consequences of a data breach… Companies may also incur significant expenses associated with retaining forensics experts and assuaging and attempting to maintain customers and curtailing damage to reputation, by, for example, providing credit monitoring services to affected individuals and retaining public relations consultants.”

What to do? These five things, for starters:

1. Cover your bases with cyber insurance:

Roberta Anderson: “Insurance can play a vital role. And, yet, some companies may not be adequately considering the important role of insurance as part of their overall strategy to mitigate cyber risk. A recent 2012 survey conducted by global consulting firm Towers Watson reports that 72% of the 153 risk managers of North American companies surveyed ‘ha[d] not purchased network security/privacy liability policies.’ […] On the other hand, risk managers and in-house counsel may not be aware if, and to what extent, the company already has coverage for cyber risks under existing ‘traditional’ insurance policies, many of which cover cyber risks.” (K&L Gates)

2. Make your data security policy easy to follow:

“… a few principles generally apply when organizations are crafting data security policies. To start, a simple, broadly applicable and easily understood policy typically is more effective than one that attempts to detail all possible scenarios and responses. Overly detailed policies quickly become hard to follow. ‘The moment people say, “I have to look it up,” it makes it harder to comply,’ Cate says.” (NAVEX Global)

3. Draft cybersecurity into your contracts:

“A company’s best defense against any of these potential [data security breach] pitfalls is to take the steps necessary to sufficiently protect all proprietary and customer data… Private sector businesses should now ensure that their agreements contain terms that effectively control access to and use and disclosure of their confidential or nonpublic intellectual property assets, such as patents, copyrights, and trade secrets and, separately, the personally identifiable information they store or otherwise retain.” (Venable LLP)

4. Protect against the inside job:

“Employers should implement robust confidential information, electronic communications and usage and access policies. Such policies should prohibit employees from accessing data that is not required as part of their job duties and spell out that violation may lead to termination. Best practice would be to physically limit access so as to prevent the possibility of such violation in the first place. Policies should also discuss the types of threats that businesses are facing and how employees can help to minimize such risks. While written policies are a good starting point, ensuring that they are followed in practice is most important. If implemented correctly, such policies can dramatically help reduce the risks posed by cyberattacks.” (Sheppard Mullin)

5. Never underestimate the threat:

Michael Schmidt: “Pro-actively drafting cybersecurity policies and protocols is like doing a will for yourself, or an employee manual for your company. The thought process is that there is nothing imminently pressing that requires me to think about (or spend the time and money doing) either, and the problems fixed by both will ‘never happen to me.’ But the world is changing rapidly, and the ‘It’ in the ‘it will never happen to me’ is all of a sudden happening to companies all around you when it comes to cyber risks, and data and privacy breaches.” (Cozen O’Connor)
