Technology has put businesses around the world in cyber criminals’ crosshairs. It’s not a matter of if your company will sustain a breach, but when.
According to Cybersecurity Ventures, global cybercrime costs will reach $10.5 trillion annually by 2025 (up from $3 trillion in 2015), representing the largest transfer of economic wealth in history.
But the harmful effects of a breach extend well beyond the financial costs. Consider the hit your reputation will take if your business sustains a privacy breach, your customers’ personally identifiable information (PII) is leaked and you don’t appropriately respond.
Create your cyber risk plan
With an inevitable data breach looming, you can take measures to minimize the fallout and your liability exposure. It starts with prevention, cyber insurance and an incident response plan. Your response plan should list the resources your company needs to respond, steps to mitigate the breach, who should be alerted and what actions to take.
To create your incident plan, the Federal Trade Commission (FTC) recommends assembling a team of IT security experts well before the first breach. Your security team should identify and fix any possible vulnerabilities right away. But if your business does experience a data breach:
- Stop additional data loss by taking equipment offline and replacing passwords and logins.
- Reassess your vulnerabilities to mitigate any further breaches.
- Consult with a lawyer who specializes in privacy and data security. Choose a lawyer who has extensive experience in privacy and data security. They will be able to describe any culpability you may have as a result of the breach.
- Notify the police department of the potential risk of identity theft.
- Communicate the breach to everyone involved, quickly. Alert your employees, partners, customers.
- Reassure them that you’re taking the necessary steps to remediate. You’ll probably have to pay for credit monitoring for all of the affected account holders. Be transparent about the nature of the breach, how it happened and what information was taken. Offer tips about how they should respond.
- Consider a public relations firm that specializes in crisis communications. This type of firm can craft a message and make sure it is consistent and accurate.
- Consider designating a point person to release information about the breach. You may want to post news of the breach on your website or through a press release.
- A privacy breach may expose account information like credit card or bank account numbers. In that case, notify the bank or financial company of the breach so they can monitor the affected accounts for fraudulent activity.
- If the hackers stole Social Security numbers, alert the major credit bureaus.
- If you have cyber liability insurance, contact your insurance company as soon as possible. Liability from third-party claims will be covered under a cyber insurance policy, sparing you legal fees and damages that may occur as a result of the breach. Many insurance companies will help you with most of the bullet points above (public response, lawyers and other details).
Minimize your risk exposure
Of course, you can minimize the possibility of a privacy breach by following a few best practices:
Enlist a cybersecurity specialist. They can educate you and your employees about how to keep security top of mind.
Keep security patches up to date. Many vendors send out security patches regularly, and it’s not always easy to stay on top of them. Automating your patch management programs can help.
Train all employees on how to file and store data and how to avoid malware and viruses. Many data breaches happen because hackers trick employees.
Consider limiting access to vulnerable websites.
Ensure passwords are complex enough so hackers can’t guess them. Require your employees to use passwords that include a mix of numbers, letters and symbols.
Create a cybersecurity policy.
Beef up network security on Wi-Fi and smart devices.
Consider cyber liability (or data breach) insurance. One of the perks that many cyber policies offer is breach response assistance and a duty to defend in a lawsuit.
Reach out to your insurance professional about cyber
Cybercrime is unavoidable in today’s always-on digital world. Chances are, if you haven’t already been victimized, you will be someday soon. Be vigilant in protecting your own PII as well as that of your customers, partners and employees. Enact strong security policies to mitigate vulnerabilities and create a clear plan of action to detect and remediate privacy breaches.
Your insurance professional is also a great resource. They can explain how to protect your business through cyber liability insurance before a breach occurs.
