You have probably heard about many companies lately that were victims of some sort of cyber security attack. Ransomware seems to be the order of the day, and more often than not companies pay the ransom so that they can get the information released as soon as possible. Typically hackers will demand fairly low amounts of cryptocurrency so that it makes more sense for a company to pay it and pay it quickly. Based on the uptick in ransomware attacks, it has become a very lucrative, though illegitimate, business.
The first action plan in a cyber war is always prevention. Good IT policies and procedures are not optional. However, even companies that have impeccable policies and procedures can and will still be breached. Part of a company’s policies and procedures must include a detailed breach response plan. The plan needs to include immediate action items. The company should have a designated person whose responsibility is to immediately contact it’s insurance carrier and/or it’s attorney. The attorney should immediately hire a forensic IT expert to stop any breach, pay a ransom via cryptocurrency if necessary, and figure out what exactly was accessed by the hacker. It is important that the attorney be involved first so that the forensic IT report is a privileged communication.
A breach response must be done as quickly as possible, even if the breach is clearly over. Data breach laws around the world require this. For example, if private information was accessed by a resident of the EU, a supervisory authority has to potentially be noticed within 72 hours of notice of the breach. Each state in the US has a breach notice law, with timelines starting at 10 days out from notice of the breach. There are fines for not sending out notices as required. In other words, time is of the essence. Don’t wait to involve the necessary parties.
If you don’t have policies and procedures in place for breach prevention and response, don’t hesitate to do so now. As always, feel free to contact us if we can help.