Preparation is the Best Defense Against a Cyber Attack

Today virtually all business is on the radar of cyber criminals, and cybersecurity is no longer just an IT issue. It’s companywide, and all stakeholders need to be involved in solutions. Best practices for managing the risk of a data breach include minimizing data collection, complying with the Payment Card Industry Data Security Standard  (PCI DSS), and identifying and digitally shredding unneeded information. Access to personally identifiable information and HR data should be on a “need to know” basis. The network should be “split,” with electronic firewalls limiting the spread of viruses and attacks, and data should be properly encrypted. A comprehensive incident response plan should be in place and tested regularly through desktop exercises.

Businesses are also advised to work closely with a broker and insurance coverage counsel to procure the right data privacy insurance. Insurance should cover data restoration, re-securing the information network, theft, fraud and extortion, business interruption, forensic investigation, and crisis and PR management.

Keep in mind that insurance underwriters are very cautious and thorough in issuing data privacy insurance. Businesses that go through the process of purchasing insurance will learn a great deal about the state of their network security and response plan and be well-positioned to find gaps and upgrade their preparation.

Good preparation includes developing a strong response team and response capabilities, establishing relationships with law enforcement and regulators, creating and testing a plan, and anticipating communication, remediation and notification pitfalls.