National Cyber Security Recognition

In recognition of National Cyber Security Awareness Month and our firm’s commitment to bringing about more awareness to this critically important issue, we provide our readers with insightful tips on how to stay ahead of this all too pervasive issue. Unfortunately, too many think data breach is a big business problem when, in fact, their small and mid-size counterparts are more likely – not less – to be attacked. And attacks by outsiders on the internet and cyber criminals are only a part of the problem.

Did you know…

  1. More than 50% of data breaches can be attributed to the unintentional behavior or negligence of employees in the workplace. Common examples include an employee inadvertently opening a malicious email that, upon closer inspection, would have raised a red flag, wreaking havoc on computer systems and often resulting in the silent harvesting of private company or customer information, or an employee failing to log off, leaving information open and exposed to potential misconduct by others. More intentional misconduct must also be guarded against when, for example, terminated employees who might be looking for retribution still have login credentials or other access to company or personal information.
  2. A staggering 60% of small businesses suffering a data breach will be out of business in less than 6 months following an attack (according to the Experian Data Breach Study in 2013 and other national sources). The cost of a data breach is not small and goes far beyond fines imposed by regulators, card brands, Attorneys General or others. The typical response cost is now estimated at about $181 per record. For even the smallest breach, this quickly adds up, with estimates for a small business data breach on average costing from $500,000 to $1,000,000 or more. In addition to the costs necessary to investigate and resolve a breach, the harm to a company’s reputation following an attack is next to impossible to calculate – often resulting in staggering consequences for the ill-prepared.
  3. Over 70% of security breaches are targeted at small businesses or particular industries. Retail, healthcare, hospitality and financial sector businesses have been particularly hard hit and are often prime targets for cyber criminals. Attacks on small businesses aren’t usually the result of an attack on that particular, individual company, but more likely occur from the large, sweeping phishing attacks cyber criminals make on industry sectors (retail, Mom & Pop shops and restaurants are among favorites) where hackers have correctly assessed these smaller businesses are less equipped to defend against attack.

The Best Defense to Cyber Attack includes:

  1. Creating a “culture of cyber security”. Everyone in the workplace must be adequately trained and aware of the potential risk of cyber attack. For even the smallest employer, Data Protection Policies suited to the particular industry risk and job function of their employees must be developed, monitored and enforced in order to protect against both inadvertent and more intentional use or abuse of sensitive, internal company information or customer personal information.
  2. Having a Response Plan in place can minimize the impact of a breach. Hacks, breaches and other cyber crimes happen out in the world every single day, just as fires, floods and other losses occur every day in the business world. In addition to training and adequate policies, every business needs a Data Security Response Plan outlining the important steps that need to be taken when a breach has occurred or is suspected. Too many small businesses are blind-sided when a breach occurs and are faced with too little too late in the eyes of regulators and others. With so much at stake, every business needs to be prepared. No business can assume it won’t happen. With the tremendous growth of insurance products coming on the market to cover data breach losses, businesses may want to purchase coverage, but care must be taken to review what’s covered, what’s not, whether there’s coverage under existing policies and the insured’s responsibility for meeting the applicable data protection standards before coverage is available in the event of loss.
  3. Lastly, having the right team you can quickly call upon to assess and respond to a breach is critical. If and when the worst happens, having a plan in place means you won’t be consumed by the aftermath and will have the right resources in place to assess and resolve the issue as quickly and favorably as possible.

This article was written by Attorney Tegan Blackburn, who focuses her law practice in Simsbury, Connecticut on Business & Corporate Law, Compliance Counseling, Commercial Transactions and Data Breach Response. She is General Counsel and Chief Compliance Officer to various IT, healthcare, retail and other industry clients and has been called upon to resolve data breach incidents in Connecticut, as well as acting as a consultant to other firms in and out of the New England area. This article is intended as general guidance and is not legal advice. The reader should consult with an attorney regarding their particular situation.

Other online resources are available at the National Cyber Security Alliance and at:
http://www.staysafeonline.org
http://nist.gov
http://stopthinkconnect.org