Establish a Cyber Attack Response Plan for Your Business
More than ever, it is important to have a cyber attack response plan in place.
The high-profile cyber attack on HBO in July resulted in the personal information of Game of Thrones actors, as well as scripts and episodes of unreleased shows, being leaked online. In total, hackers reportedly stole 1.5 terabytes of data from HBO. The hackers also demanded that HBO pay to prevent more information from being leaked. So, while a cyber attack or data breach sounds like a CEO’s worst nightmare, there are many ways to help reduce the chances of it happening to your company.
Establish cyber security policies
Depending on which state (or states) you do business in, your potential legal obligations if your firm experiences a breach can differ. “Companies that do business nationally may have to comply with as many as 46 different state laws,” according to Entrepreneur. “You also could face liability lawsuits from affected parties.” Understand what your legal obligations are and consider cyber-insurance if you feel it is warranted.
Make understanding potential security risks part of on-boarding new employees. It is also a good idea to provide periodic training and updates for existing employees, as suits their role in the company. Employees who regularly use company computers and software can become targets for phishing scams and malware attacks.
Enlist your technology providers and IT department in keeping your employees up to date as well. New kinds of cyber threats keep emerging, so make sure your employees know what to look out for.
What to do if it happens
If your company does face a security breach, the first thing to do is to understand and contain it. For example, suppose you notice that a specific set of files has been accessed. Investigate the extent of the breach and increase security on other files: try adding extra layers of encryption or taking them offline temporarily. Make sure your internal IT teams work to contain the breach, and have external experts audit your systems to determine what has been compromised.
Notify customers, employees and partners once you learn specifically what data has been compromised. Communicate what data was lost, how the situation is being controlled and what your customers may need to do.
Depending on your company’s resources and number of customers, it may take time to reach every person and/or company affected. One way to do this proactively is to put out a press release that addresses the issue and provides links to FAQs about the breach for customers. You should also create an internal FAQ for staff members who will likely have to answer your customers’ questions.
To maintain trust, it can be necessary to be transparent with the public about the breach. It is also important to emphasize the strict measures your company takes to safeguard against such breaches in the future.