If you've been reading the news at all lately, you know that cybersecurity is more important now than ever. After a series of devastating cyber issues, the entire economy was shaken.
It has become mission critical and not maintaining proper cyber hygiene could result in catastrophic losses to an organization. Federal and state governments are finally reacting to ongoing devastating cyber issues and are proposing mandatory requirements for all entities.
A recent post on Tech Jury paints a very concerning picture:
With governments and major corporations being successfully attacked, what are the rest of us to do? Prevention, and planning. When it comes to planning, there are some simple steps you can take in the aftermath of an attack to control the damage. Let’s spend a few minutes discussing what some of those steps are.
Don't let your business fall victim to the same fate. Luckily, there are some simple steps you can take in the aftermath of an attack to control the damage.
You may not be a tech genius, and you may not even know how to do much more than search on Google. That's perfectly fine. However, if you're running a business and you believe it was a victim of a cyberattack, the one thing you need to know is that a lot of critical data could have been exposed when this happened.
There are some really crucial steps to take in order to control the damage and prevent it from happening again.
Believe it or not, the average company will take 197 days to even notice that a data breach has occurred. Think that's bad? It takes them an average of 68 days to contain it. Don't be the average. Take action immediately to mitigate the damage.
The first step is to confirm that the breach happened as soon as possible, and then find out how it happened and what information was accessed.
Documenting everything that happened in the cyberattack. This includes when it took place, how it affected your business, what information was stolen, any ransom that was demanded, the type of attack, and any other relevant information.
Any employees who were contacted or involved during the attack should also be documented, along with their contact information.
If applicable, report it to the police and any relevant agency, such as the Department of Homeland Security (DHS) or the FBI Internet Crime Complaint Center.
It’s always better to have everything documented but regardless, you may want to hire an IT forensics team to help you gather information and address the issue. Providing them in advance with as much information as possible will help get the best and most cost-effective results.
In May of 2021, President Biden signed an executive order on cybersecurity after the Colonial Pipeline incident (along with others). Other than the enhanced cybersecurity features, what's most important to know is the expected protocol for businesses after they are attacked.
Part of the order aimed to "improve investigative and remediation capabilities". Poor logging harms an organization’s ability to detect intrusions, mitigate those in progress, and determine the extent of an incident after the fact, so makes certain that your system logs are turned on and set to retain data for at least 30 days. 60, 90, or 120 days is even better.
If your company is holding customer data, such as credit card, contact, personal identity information, or personal health information, then you are required to report the incident to the authorities.
Each state has specific requirements and you may be subject to multiple state disclosures based on what you store, where your locations are, and whether that information is multi-state, if the information you store is health-related, you will need to file with the federal government. This link gives you further information and this link will take you to individual state requirements for all 50 states.
You should have your disclosure statement reviewed by an attorney and depending on the size of your organization and the size of the breach, you may want to work with a public relations firm prior to releasing it to minimize reputational damage to your organization.
Be sure to let your customers know exactly what the company intends to do about the current situation. That will be your best way to control the damage and retain customer loyalty. It’s always bad policy for those affected to find out by a 3rd party such as the media.
Just because it already happened doesn't mean it can't happen again. Cybercrimes are very common, and many criminals who got away with it once might try it again, especially if you haven't changed your security.
Learning from your mistakes is crucial in almost every aspect of life, but when it comes to cyber security, an ounce of prevention is worth a ton of cure. The average cost of a data breach in 2020 was $3.86 million. As you can imagine, it’s far less costly to do the right thing before an incident occurs.
Not a lot of businesses have plans in place for cyber attacks, but they really should. Also, having a comprehensive disaster recovery plan and business resilience plan (BRP) is the best way to restore your operations quickly and move forward after a devastating attack. You have protocols for everything else, you really need to have plans in place for cyber-attacks.
Simple steps like mandating new passwords for employees every 3 to 6 months can go a long way to improving your company's "digital hygiene". Make sure your WiFi is secure, company emails stay on a secure network, and you're scanning for malware regularly. Small moves add up. Here are a few, of the many steps, to tighten your security:
Mandating new passwords for employees every 3 to 6 months can go a long way to improving your company's "digital hygiene".
Make sure your WiFi is secure.
Company emails should always stay on a secure network.
Scan for malware regularly.
Chances are your investigation will have discovered there's still a lot more you can do to improve your cyber hygiene. The right cyber security team can improve your company's cyber security from every angle, putting you in a much better position to avoid future attacks, and limiting the damage should one occur. Cyber security is never 100% but minimizing your risk as much as possible should be your goal every day.
As the nation’s first and oldest independent IT Security consultancy, JANUS is a company founded on the principles of leading the way. Our mission is dedicated to improving the information security of our clients, and society at large. In business since 1988, JANUS offers a full range of high-quality cyber security, privacy, and regulatory compliance services at affordable costs. Organizations seek us out to assist them with improving their cybersecurity, compliance, and privacy programs. View Our Cyber Security Solutions here or contact us today.