Published on June 3rd, 2019 📆 | 5880 Views ⚑0
Is your company prepared for a cyber-attack?
Facebook encountered the largest data breach in its history. A hack in September 2018 exploited vulnerabilities in the code that
powers the social network and compromised the information of 50 million
Facebook users. Given the site’s prominence, a breach might not be
surprising. But if Facebook, who spends more than
$3.7 billion a year
on security, is not immune from these type of cyber attacks, what business
possibly could be?
“This is a risk we all incur doing business in the world of internet and
technology,” according to cyber expert and partner at Archer Law
Robert Egan. “Businesses need to face the inevitability of being hacked at some point.
It’s not a question of if, but when — and that’s why being proactive to
minimize the risk is essential.”
Cyber security is quickly becoming a top concern for businesses of all
sizes. The statistics are staggering:
80 percent of businesses
expect a critical breach during 2019, and
74 percent of them
won’t even know of the breach when it happens. Even the cost of these
attacks is increasing. While every business owner understands the damage to
reputation and customer relationships that could come from a breach,
high-profile incidents such as those at Facebook have
increased government attention and regulation
on these issues.
Businesses who come under cyber attack may become the subjects of
government investigations and lawsuits, as well as become legally required
to pay the costs of notifying, and providing credit monitoring and identity
theft insurance for the people whose personal information was accessed or
stolen “There’s an ongoing trend in the law to impose liability upon
businesses that do not take reasonable precautions to protect against
unauthorized access to people’s confidential personal information.”
observes Egan. Although the definition of reasonable precautions
is imprecise, and what is or is not reasonable will vary from case to case, the one thing universally agreed upon is that
doing nothing does not qualify as a reasonable precaution.
And, it is not only other people’s data that is vulnerable to attack, but
also each business’s own assets, including its bank accounts, confidential
information and the electronically stored data that it needs to operate.
That’s why being proactive, and preparing well before an attack with the
assistance of experienced counsel and technical experts, is the best course
of action for all businesses. They should minimize the chances of an event
by devising and implementing best technological and operating practices and
policies. They should minimize the impact of an attack by purchasing cyber
insurance policies. They should also create an “incident response plan” in
conjunction with experienced lawyers and cyber technology consultants.
Technology now touches every part of a business, so the process of building
a plan cannot be isolated to one group or division of the company. It
requires a holistic approach that brings together internal stakeholders and
outside experts to assess risk, expose vulnerabilities, and develop a plan
for response should an attack occur.
Law firms with an expertise in cyber security
encourage their clients to take a comprehensive approach which should be
tailored to the nature and features of each business, including its budget.
A business should expect to undergo data security counseling and data
security audits, HIPAA counseling, and prepare a data breach response. In
anticipation of potential outcomes, firms will often consider strategies
for data breach litigation, government investigation, changes in insurance
coverage, and evaluation of international data privacy compliance. Not only
are these fields complex — they are constantly evolving, requiring expert
help for even the savviest business.
No business sees a cyber attack coming, and even after it has occurred, it
may not be discovered for some time — but its impact can be expected to
reverberate in perpetuity. That’s why every business must act as though it
is vulnerable, and prepare. With
the right counsel
and planning, the worst effects of an attack can be minimized, and
businesses can spare themselves the embarrassment of Facebook.