If you've been following the news at all lately, you know that cybersecurity is more important now than ever. Devastating cyber attacks continue to increase in frequency and severity.
Maintaining proper cyber hygiene is vital, as failure to do so could lead to disastrous losses for any organization. In response to the escalating cyber threats, federal and state governments are taking action and have proposed mandatory requirements for multiple business sectors.
In the latest reports for 2023:
Given successful cyberattacks on governments and corporations alike, the question is what the rest of us can do. The answer lies in prevention and planning.
In the event of an attack, there are practical steps your organization can take to mitigate the impact. Let's delve into these crucial measures.
You might not have advanced technical skills or know much beyond basic Google searches, and that's perfectly okay. However, if you're managing a business and suspect it has fallen victim to a cyberattack, it's critical to understand that sensitive data could have been compromised during the breach. Taking immediate steps to minimize the impact and prevent future incidents is paramount.
1. Investigate Immediately
Believe it or not, the average company will take 197 days to even notice that a data breach has occurred. Think that's bad? It takes them an average of 68 days to contain it. Don't be the average. Take action immediately to mitigate the damage.
The first step is to confirm that the breach happened as soon as possible, and then find out how it happened and what information was accessed.
2. Document Everything
Document everything that happened in the cyberattack.
If applicable, report it to the police and to any relevant federal agency, such as the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS) or the FBI's Internet Crime Complaint Center (IC3).
Consider enlisting the expertise of an IT forensics team to aid in gathering essential information and resolving the matter. Providing them with as much detail as possible upfront will optimize their efficiency and lead to more effective and budget-friendly outcomes.
3. Contact The Right Authorities
In May 2021, President Biden signed Executive Order 14028 on improving the nation's cybersecurity, following the Colonial Pipeline incident and others. Beyond the security improvements it mandates for federal systems and their suppliers, what matters most for businesses is the protocol it expects of an organization after it is attacked.
Part of the order aimed to improve investigative and remediation capabilities. Inadequate logging harms an organization's ability to detect intrusions, mitigate those in progress, and determine the extent of an incident after the fact. Make certain that system logging is turned on, that logs are retained for at least 30 days (60, 90, or 120 days is better), and that copies are kept somewhere an attacker who compromises a host cannot simply delete them, such as a central log server.
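The retention floor above is easy to state and easy to silently violate, because a host can have logging "on" while its journal is volatile or capped by size alone. The following script is an added example written for this article (not JANUS code, not from the original page) that audits a systemd-journald configuration for exactly those problems. It assumes the journald.conf format (the Storage= and MaxRetentionSec= keys); the two configuration texts at the bottom are constructed samples, not taken from any real host.

```python
"""Audit a journald-style logging configuration against a retention floor.

Added example for this article, not code from JANUS or the original page.
It assumes the systemd-journald configuration format (journald.conf keys
Storage= and MaxRetentionSec=). The two configuration texts at the bottom
are constructed samples, not taken from any real host.
"""
import re

MIN_RETENTION_DAYS = 30  # the floor recommended above; 60-120 is better

# Subset of the time-span suffixes systemd accepts, mapped to seconds.
# A month is approximated as 30 days, which is close enough for an audit.
_UNIT_SECONDS = {
    "": 1, "s": 1, "sec": 1, "second": 1, "seconds": 1,
    "m": 60, "min": 60, "minute": 60, "minutes": 60,
    "h": 3600, "hr": 3600, "hour": 3600, "hours": 3600,
    "d": 86400, "day": 86400, "days": 86400,
    "w": 7 * 86400, "week": 7 * 86400, "weeks": 7 * 86400,
    "M": 30 * 86400, "month": 30 * 86400, "months": 30 * 86400,
    "y": 365 * 86400, "year": 365 * 86400, "years": 365 * 86400,
}
_SPAN_RE = re.compile(r"(\d+(?:\.\d+)?)\s*([a-zA-Z]*)")


def parse_timespan_seconds(text: str) -> float:
    """Parse '30day', '2 weeks', '1h 30min' or bare seconds into seconds."""
    text = text.strip()
    parts = _SPAN_RE.findall(text)
    # Reject anything that is not a sequence of <number><unit> tokens.
    if not parts or _SPAN_RE.sub("", text).strip():
        raise ValueError(f"unparseable time span: {text!r}")
    total = 0.0
    for number, unit in parts:
        if unit not in _UNIT_SECONDS:
            raise ValueError(f"unknown unit {unit!r} in {text!r}")
        total += float(number) * _UNIT_SECONDS[unit]
    return total


def parse_config(text: str) -> dict:
    """Collect Key=Value pairs; later lines override earlier ones, as journald does."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def audit_retention(config_text: str, min_days: int = MIN_RETENTION_DAYS) -> list:
    """Return a list of findings; an empty list means the config meets the floor."""
    s = parse_config(config_text)
    findings = []
    storage = s.get("Storage", "auto").lower()
    if storage == "none":
        findings.append("Storage=none: journald discards all log data")
        return findings
    if storage == "volatile":
        findings.append("Storage=volatile: logs live only in RAM and are lost on reboot")
    # Storage=auto persists only if /var/log/journal exists on the host;
    # a file-based audit cannot confirm that, so it is not flagged here.
    raw = s.get("MaxRetentionSec") or "0"
    seconds = parse_timespan_seconds(raw)
    if seconds == 0:
        findings.append("MaxRetentionSec unset or 0: no time-based retention; "
                        "how long logs survive depends only on size caps such as SystemMaxUse")
    elif seconds < min_days * 86400:
        findings.append(f"MaxRetentionSec={raw}: only {seconds / 86400:.1f} days, "
                        f"below the {min_days}-day floor")
    return findings


# Constructed samples: a weak configuration and a corrected one.
WEAK_CONFIG = """
[Journal]
Storage=volatile
MaxRetentionSec=7day
"""

HARDENED_CONFIG = """
[Journal]
Storage=persistent
MaxRetentionSec=90day
SystemMaxUse=4G
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_retention(cfg) or ["OK"])
```

Run it against /etc/systemd/journald.conf (and any drop-ins under journald.conf.d) on each host you care about. The point of the unset-or-zero finding is that journald's default is size-based rotation only, so a busy host can roll a 30-day requirement off the disk in a few days without any setting looking "wrong".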
As of 2023, the SEC requires publicly traded companies to disclose material cybersecurity incidents on Form 8-K within four business days of determining that an incident is material, and to describe their cybersecurity risk management, strategy, and governance in annual filings. The SEC's final rule has the details.
4. Disclose The Event
If your company holds customer data such as credit card numbers, contact details, personally identifiable information, or protected health information, you are required to notify the affected individuals and, in most cases, the relevant regulators.
Each state has its own breach notification requirements, and you may be subject to several states' laws at once, depending on where the affected individuals reside, where your physical locations are, and whether the data spans multiple states. If the information you store is health-related, the HIPAA Breach Notification Rule also requires you to notify the Department of Health and Human Services.
Have your disclosure statement reviewed by an attorney. Depending on the size of your organization and of the breach, you may want to work with a public relations firm before releasing it to minimize reputational damage, but keep in mind that legal and compliance deadlines for notification are running while you prepare it.
Be sure to inform your customers promptly and provide them with a clear outline of what the company intends to do about the situation. This proactive approach not only helps in managing the fallout but also fosters trust and loyalty among customers. The goal should be to avoid a scenario where the affected individuals learn about the breach from external sources (like the media) before you notify them.
Just because it already happened doesn't mean it can't happen again. Cybercrimes are very common, and many criminals who got away with it once will try it again, especially if you haven't improved your security.
In cyber security, learning from past errors is always important, and taking proactive measures to prevent breaches is far more effective than seeking solutions after the damage is done. As of 2023, the global average cost of a data breach is reported to be 4.45 million dollars, a 15% increase since 2020. The US average is higher still, at 9.48 million dollars, and the US remains one of the most targeted countries worldwide for data breaches.
1. Have A Plan
Few businesses have plans in place for cyberattacks, but they should. A tested incident response plan, together with a disaster recovery plan and a business resilience plan (BRP), is the fastest route to restoring operations after a successful attack. You have protocols for everything else; you need them for cyberattacks too.
2. Update Company Policies and Procedure
Simple steps go a long way toward improving your company's digital hygiene. Require long, unique passwords for employees and screen them against lists of known-breached passwords; note that current NIST guidance (SP 800-63B) advises against forcing routine password changes every few months unless there is evidence of compromise, because scheduled rotation pushes people toward predictable variations of the old password. Turn on multi-factor authentication wherever it is offered. Make sure your WiFi uses WPA2 or WPA3 with a strong passphrase, keep company email on managed accounts rather than personal ones, and scan endpoints for malware regularly. Small moves can add up to big gains.
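To make the password point concrete, here is an added example written for this article (not JANUS code, not from the original page) of a password acceptance check modeled on the NIST SP 800-63B memorized-secret rules: a minimum length, a screen against breached and context-specific values, and rejection of trivial patterns, with deliberately no composition rules and no calendar expiry. The breached-password set and the context word "acme" are constructed samples; a real deployment screens against a large breach corpus such as an offline Have I Been Pwned dump.

```python
"""Password acceptance check modeled on NIST SP 800-63B memorized-secret rules.

Added example for this article, not code from JANUS or the original page.
It checks what current guidance actually asks a verifier to enforce:
a minimum length, a screen against known-breached and context-specific
values, and rejection of trivial patterns. It deliberately has no
composition rules (forced digits or symbols) and no calendar expiry,
because 800-63B discourages both. The breached-password set below is a
constructed sample; a real deployment screens against a large breach
corpus such as an offline Have I Been Pwned dump.
"""
import unicodedata

MIN_LENGTH = 8

# Constructed sample of known-breached passwords, stored lower-cased.
BREACHED_SAMPLE = {
    "password", "password1", "123456", "qwerty", "letmein",
    "welcome1", "summer2023", "changeme",
}


def normalize(pw: str) -> str:
    """NFKC so look-alike Unicode forms compare equal before any checks."""
    return unicodedata.normalize("NFKC", pw)


def has_repeated_run(pw: str, run: int = 4) -> bool:
    """True for runs of one character such as 'aaaa' or '1111'."""
    return any(len(set(pw[i:i + run])) == 1 for i in range(len(pw) - run + 1))


def has_sequential_run(pw: str, run: int = 4) -> bool:
    """True for strictly ascending or descending runs such as 'abcd' or '4321'."""
    for i in range(len(pw) - run + 1):
        codes = [ord(c) for c in pw[i:i + run]]
        steps = {b - a for a, b in zip(codes, codes[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(candidate: str, context_words=(), breached=BREACHED_SAMPLE) -> list:
    """Return the reasons a candidate is rejected; an empty list means accept.

    context_words are organization- or user-specific terms (company name,
    username) that 800-63B says the verifier should also reject.
    """
    pw = normalize(candidate)
    low = pw.lower()
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if low in breached:
        reasons.append("appears in the breached-password list")
    for word in context_words:
        if word and word.lower() in low:
            reasons.append(f"contains context-specific word {word!r}")
    if has_repeated_run(pw):
        reasons.append("contains a repeated character run")
    if has_sequential_run(pw):
        reasons.append("contains a sequential character run")
    return reasons


if __name__ == "__main__":
    for pw in ("Password1", "acme2024!", "abcd1234", "correct horse battery staple"):
        print(repr(pw), check_password(pw, context_words=("acme",)) or ["accepted"])
```

Notice what the check does not do: it never asks when the password was last changed. A forced reset belongs in the incident response path (credential exposure confirmed or suspected), not on a 90-day timer.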
3. Improve Your Security
Your investigation in the aftermath of a breach will likely uncover additional steps needed to strengthen your cyber security practices. The right security partner can improve your company's cyber security from every angle, putting you in a much better position to avoid future attacks and limiting the damage should one occur.
As the nation’s first and oldest independent IT Security consultancy, JANUS is a company founded on the principles of leading the way. Our mission is dedicated to improving the information security of our clients, and society at large. In business since 1988, JANUS offers a full range of high-quality cyber security, privacy, and regulatory compliance services at affordable costs. Organizations seek us out to assist them with improving their cybersecurity, compliance, and privacy programs. View Our Cyber Security Solutions here or contact us today.