Let's Connect

What's Your (Cyber) Plan?

07.01.16  |  By Lee J. Sacket

Every business that uses or relies upon technology faces the risk of a cyber breach or cyber-attack.   The numbers suggest that the question is not if you will be breached, but when.  Ignoring the likelihood of a breach could expose your business to unexpected and unrecoverable losses.  So, what’s your plan?   

There is an endless market of antivirus software and firewalls which companies utilize to protect against a cyber breach.  A preventative cyber plan to mitigate the likelihood of a breach is vital to any business infrastructure and its importance should not be devalued.  A preventative cyber plan should include, at a minimum:

  • Limit and restrict access rights to systems and equipment to necessary personnel;
  • Develop and test disaster recovery plans;
  • Provide information security awareness training to all personnel;
  • Configure strong access controls on firewalls;
  • Monitor system activity and all remote access;
  • Provide secure off-site storage of back up data; and,
  • Maintain updated virus protection.  

However, the largest and most financially able companies with well-publicized cyber breaches all had preventative cyber plans in place, to varying extents, when they suffered breaches.   The hackers seem to always be a step ahead of the preventative technology.  As a result, if your plan is limited to preventative measures, you should rethink that strategy.   

Companies must have a second plan focused on what to do when the inevitable breach occurs, commonly referred to as an Incident Response Plan (“IRP”).    An IRP should be tailored to that business, but should consider, at a minimum, the type of information contained by the company, the amount of information and who and where that information is currently available. 

Too often, a company’s IRP is limited to calling its counsel, or the insurance company to file a claim.  These calls should be a component of the IRP, not the full extent of it.  Every second wasted allows the breach to potentially expand, which increases the company’s exposure.  There must be steps in place to react immediately.  Common key elements to an IRP generally include, but are not limited to:

  • Response Team: Identification of personal, which almost always includes members of IT, HR and management, each with well-defined roles to immediately respond to the breach.    
  • Stop or Mitigate the Breach: While identifying the breach is the most obvious and important element, you must next stop or mitigate the breach.  Categorizing and prioritizing confidential information may expedite the response and mitigate the breach.
  • Communication:  Get out in front of the breach!  Communication with IT, counsel and your insurance company is vital.  In addition to communicating internally with employees and externally with clients (whose information may be subject to the breach), the states have different notice requirements for breaches, which must be complied within generally short timeframes.  Failure to do so could lead to fines and other compensatory damages.     

Damages for cyber breaches can be extensive and sometimes, beyond measure.  The impact of a cyber-attack to an organization’s brand, reputation and business operations can be catastrophic, beyond any dollar value.  Organizations need to plan proactively but prepare for the reactive.  While every company has varying resources to formulate these plans, utilize all available assets, including counsel, your insurance company and outside consultants, to navigate this ever changing landscape.    You cannot afford not to.  

Back to all Articles