Is your cyber response team trained, fully staffed and ready to swing into action if needed?
If your answer to that question was – “Cyber response team? What cyber response team?” – deduct one risk management point. If, on the other hand, you have at least a rough idea of who you’d call in a crisis, add one point.
“While it’s crucial to have preventive measures in place, it’s equally important to know how to respond quickly and effectively after a cyberattack occurs,” writes Erik J. Martin for CO.
Members of your cyber response team could include your office manager, an IT expert (in-house or outside), your insurance carrier, a data forensics specialist, and perhaps even a public relations person.
The immediate goals: (1) identify what happened, (2) assess the damage, (3) take corrective measures to prevent further losses.
Step One: Identify what happened
“Begin by identifying the type of threat that caused the security breach if possible,” says Monique Becenti of SiteLock. “This will give insight into what must be communicated to stakeholders and other departments.”
Next, notify all relevant parties, starting with managing partners and branching out from there. This requires a clearly defined plan that specifies the chain of command amid the chaos of a security breach.
- Notify your IT department, cybersecurity provider and liability insurance carrier.
- Interview all parties who discovered the breach.
- Document the process.
- Don’t destroy any evidence.
- Secure the physical areas related to the breach.
- Change access permissions.
Step Two: Assess the damage
“Prevent any additional data loss by taking all systems affected offline after your forensics team has conducted its analysis,” says data management executive Douglas Williams in the CO piece. “Swap out any affected machines with unaffected ones. Update all user credentials and passwords that a hacker may have gained access to.”
- Search online for data or anything else that was exposed in the hack.
- Remove all compromised data, including on other websites where it may have been posted.
- Make a list of all losses and damages, including data recovery costs.
- Mitigate the damage and further risks.
- Use a security program to scan files, review firewall logs and quarantine malware.
- Scrub all malware from the system.
- Notify your cyber insurance carrier.
- Notify your professional liability insurance carrier.
Step Three: Take corrective measures
“Once your company has nullified the urgent threat, there’s an imminent need to revise your plan and strengthen your defenses against future attacks,” says Mike Tanenbaum, head of cyber for Chubb North America, in the CO article.
This starts with education and awareness. Staff training should be regular and comprehensive. Employees should know the warning signs of suspicious emails and attachments. They should know what to do if they receive one. And they should be trained on encryption of sensitive information as needed.
- Review all software; upgrade where needed.
- Change passwords across the system.
- Implement two-step verification methods to access vulnerable accounts.
- Put a WAF (web application firewall) in place to safeguard your website.
- Ensure your e-commerce platform is PCI DSS (Payment Card Industry Data Security Standard) Level 1 compliant.
- Make sure your website hosting company regularly patches any security vulnerabilities.
- Implement extra measures to prevent theft of company servers, smartphones, laptops and other electronics.
- Hire an outside cybersecurity professional for consulting/monitoring.
- Purchase cyber insurance coverage.
Contact Lawyers Insurance, the NCBA-endorsed agency for law firms in North Carolina, to purchase or learn more about cyber insurance. Call 1-800-662-8843.