Guarding Against Data Breaches
November 3, 2020
A cyberattack can happen in many ways. Businesses can take precautionary measures to protect company data and mitigate financial and reputational harm in the event of a breach.
- Conduct a risk assessment to better understand your cyber risks and help create a plan.
- Adequately train staff. Bad actors often find a point of entry into a business system through unsuspecting employees.
- Maintain a computer password policy for employees.
- If employees are responsible for monitoring data breach detection tools on their computers, frequently remind them to monitor such tools as a way to ensure optimal security. If a data breach does occur, employees can immediately notify the appropriate individuals and begin the incident response process.
- Create back-up files and store them off-site. When data is backed up on an external hard drive or in a separate cloud account, recovery after a cyberattack becomes much easier.
- Ensure systems have appropriate firewall and antivirus technology. Evaluate the security settings on your software, browser, and email programs. Utilize available email tools that allow employees to report possible phishing and spam.
- Establish and regularly update an incident response plan that includes:
  - Points of contact for reporting incidents
  - Investigation responsibilities
  - A detailed communication plan
  - A contact list of vendors, regulators, and law enforcement
- Create a disaster recovery plan. A denial-of-service attack could mean you need an alternate method for conducting business in a short amount of time. The Insurance Institute for Business and Home Safety’s Open for Business-EZ toolkit can help you form a plan.
- Protect your business with insurance coverage designed to address cyber risks. This type of coverage typically provides protection for costs associated with data breaches and ransomware.
When in the market for a cyber insurance policy, these risks should be considered:
- Liability – Your business may be liable for costs incurred by your customers and other third parties as a result of a cyberattack.
- System recovery – You will need the financial resources to repair and replace your computer systems or lost data.
- Customer notification – Your business may be responsible for notifying your customers if a data breach occurs, or even if one is just suspected to have happened.
- Regulatory fines – If the data breach results from a failure to meet federal or state compliance requirements, your business may incur substantial monetary fines.
- Damage to brand reputation – Reputational damage is measurable in terms of loss, meaning it can be insured. Insurance covering reputational damage generally covers the business’s loss of profits and offers support for crisis management and brand image restoration.
- Class action lawsuits – Large-scale data breaches have led to class action lawsuits filed on behalf of customers whose data and privacy were compromised.