Given the current highly publicized SEC and Equifax data breaches that are studies in what not to do, a current article in Mondaq gives tips on how advance planning before cyberattacks and data breaches can mitigate the overall risk.
The recommended actions that need to be taken are:
1. Cybersecurity Corporate Governance is Essential—Have appropriately tailored cybersecurity policies and procedures that establish standards for all employees.
2. Incident Response Planning is Key—Businesses need to invest in preparedness to adequately respond to cyber events.
3. Reconsidering Document and Information Retention Policies—Even though it is relatively inexpensive to store documents and information, only store what is essential to service customers and meet mandated retention requirements. The less you store the lower the overall exposure.
4. Third-Party Vendor Risks—Do due diligence to verify that your 3rd party vendors have adequate cybersecurity policies in place.
5. Preparing for Class Action Lawsuits—Keep up to date records of steps taken to reduce your cyber risk.
6. Insurance Against Cyber Events—Assume that cyber-attacks are unavoidable and a cost of doing business. While you can do everything possible to mitigate the risk of a cyberattack, the reality is that a cyberattack is when not if. Cyber Insurance is an essential part of any cyberattack data breach advance preparation.