How company management should respond and react to cyber breaches
We live in a world ruled by data. When people work, shop, and see the doctor, they are providing email addresses, payment information, and medical records. This data is helpful for growing your business and fulfilling customer needs, but in the wrong hands, it can be disastrous.
As company management, it is your responsibility to ensure that corporate data and your customers' information are secure, and that if the worst does occur, you step up and make things right. You also need to put plans in place that reduce the chance of the same attack succeeding again.
When you first learn of a data breach, think about a constructive response. Regardless of how significant the damage may be, the last thing you want to do is assign blame and belittle your team. Instead, take a measured approach: contain the incident and preserve logs and other evidence first, then take the time to learn the ins and outs of the problem and what can be done to keep it from happening again.
When it comes to communication, inform your teams of what occurred and what the company is doing to resolve the issue and prevent it in the future, and make sure affected customers and any regulators are notified where the law requires it. If this is your first data breach, look at the steps other executives have taken in response to cyberattacks. In most cases, it comes down to training and preventive measures.
While training your current employees is essential, you also want to think about the future. Where local law permits, you may want to screen prospective employees for relevant past offences, particularly theft or computer crime. You may also decide to require that all new workers sign a confidentiality agreement that spells out the consequences of breaking it. With that in place, it is time to train your current crew.
Common Cyber Crimes
A valid management response would be to set up mandatory training meetings where all employees gather to learn about common threats and how to avoid them. You can also use this time to inform them about websites that may be blocked going forward or new systems that may be required such as a virtual private network (VPN).
There are many methods attackers use to break into your systems, and knowing the risks helps you train against them. Many attackers rely on social engineering to pressure an employee into clicking a dangerous link or running a malicious program. One such lure, often called baiting, presents what looks like a helpful piece of software, such as a system update or an antivirus program; when the employee downloads and runs it, it installs malware. The prevention is simple to state: software and updates come only from sources the IT team has approved, and ideally IT pushes updates itself rather than asking staff to fetch them.
The most common social engineering scam is the phishing email, sent to unsuspecting employees by an attacker who mimics an entity of importance such as a bank, a supplier, or the company's own IT department. The email includes a link or attachment that, when clicked or opened, gives the attacker a foothold on the system or delivers malware. Training should teach employees the warning signs:
- Emails filled with misspelled words or clumsy grammar.
- A sender address whose domain does not match the organization it claims to come from, including lookalike domains that differ by a letter or a hyphen.
- A link whose visible text names one site but whose real destination (shown when hovering over it) is another.
- A link or attachment that you were not expecting, especially with an urgent demand to act now.
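The warning signs above can be checked mechanically before a message ever reaches an inbox. The following script is an added example written for this article, not code from the original page or from any product it mentions. It builds two constructed messages in memory (one phishing lure, one legitimate reminder), then flags a sender domain outside the company's own, a Reply-To that redirects elsewhere, a link whose visible text and real destination disagree, misspellings, and a risky attachment. The trusted domain, the misspelling list, and the risky extensions are assumed values for the example.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains the company actually sends mail from (assumed value for this example).
TRUSTED_DOMAINS = {"acme.example.com"}
# Tiny constructed misspelling list; a real filter would use a dictionary.
MISSPELLINGS = {"acount", "verfy", "recieve", "securty", "immediatly"}
# Extensions that run code or carry macros when opened.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm", ".iso", ".lnk"}


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def check_message(raw: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return (code, detail) pairs, one per phishing indicator found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Sender domain: a lookalike such as acme-bank-secure.example.net is not the company.
    _, from_addr = parseaddr(msg["From"] or "")
    from_domain = _domain(from_addr)
    if from_domain not in trusted:
        findings.append(("untrusted-sender", from_domain))

    # 2. A Reply-To that points somewhere other than the sender silently redirects replies.
    if msg["Reply-To"]:
        _, reply_addr = parseaddr(msg["Reply-To"])
        if _domain(reply_addr) != from_domain:
            findings.append(("reply-to-mismatch", _domain(reply_addr)))

    # 3. Links whose visible text names one host while the href goes to another.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    for href, label in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        href_host = (urlparse(href).hostname or "").lower()
        label_host = (urlparse(label.strip()).hostname or "").lower()
        if label_host and label_host != href_host:
            findings.append(("link-host-mismatch", f"{label_host} -> {href_host}"))

    # 4. Misspelled words in the subject line and the body text.
    text = (msg["Subject"] or "") + " " + re.sub(r"<[^>]+>", " ", html)
    bad = sorted(set(re.findall(r"[a-z]+", text.lower())) & MISSPELLINGS)
    if bad:
        findings.append(("misspellings", ",".join(bad)))

    # 5. Attachments with executable or macro-bearing extensions.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in RISKY_EXTENSIONS):
            findings.append(("risky-attachment", name))

    return findings


def is_suspicious(raw: str) -> bool:
    return bool(check_message(raw))


def build_message(from_hdr, reply_to, subject, text, html=None, attachment=None) -> str:
    """Construct a sample message entirely in memory; no real mail is sent or read."""
    msg = EmailMessage()
    msg["From"] = from_hdr
    msg["To"] = "employee@acme.example.com"
    msg["Subject"] = subject
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content(text)
    if html:
        msg.add_alternative(html, subtype="html")
    if attachment:
        msg.add_attachment(b"MZ\x90\x00", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_string()


# Constructed sample: a lookalike bank domain, a foreign Reply-To, a disguised link and a .exe.
PHISH = build_message(
    '"Acme Bank Support" <support@acme-bank-secure.example.net>',
    "collect@mail.example.org",
    "Urgent: verify your acount now",
    "Your acount will be suspended unless you verfy it.",
    html='<p>Your acount will be suspended unless you verfy it. '
         '<a href="http://login.acme-bank-secure.example.net/verify">'
         'https://www.acme.example.com/login</a></p>',
    attachment="invoice.pdf.exe",
)
# Constructed sample: an ordinary internal reminder.
LEGIT = build_message(
    '"Acme IT" <it@acme.example.com>', None,
    "Reminder: security training Thursday",
    "Please join the mandatory session at 10:00 in room 3.",
)

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(name, check_message(raw))
```

Each finding carries a short code so the same function can feed a mail gateway rule or a training quiz; a message with no findings is not proven safe, only free of these particular signs.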
Protect Your Systems
Depending on your business, proper cyber breach prevention may not only be recommended but required. In the medical field, the HIPAA Security Rule requires covered entities and their business associates to put administrative, physical, and technical safeguards in place to protect electronic health information, and organizations that fail to do so can face hefty fines. Up-to-date antivirus software and a dependable firewall are examples of such safeguards, not a substitute for the rest. Regardless of your industry, a proper response involves proactive system protection. When implementing these strategies, remember that security tools only flag what they are built to see, so a qualified IT team still needs to review alerts, check the tools' work, and install all necessary updates.
Start by sending out password requirements for all users. Current guidance (NIST SP 800-63B) favors length over forced mixtures of characters: require a minimum length, allow long passphrases, and reject passwords that appear on lists of commonly used or previously breached passwords or that contain the company name or the user's own name. Do not force routine changes on a fixed schedule; that practice pushes people toward predictable variations. Instead, require a change when a password may have been exposed, and turn on multi-factor authentication wherever it is available. Passwords for sensitive resources, including employee records and social media accounts, should be shared only with those who absolutely need them, and then through a password manager rather than by email or chat.
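A policy like the one above can be enforced at the point where a password is set. The checker below is an added example for this article, not code from the original page; the minimum length, the blocklist, and the organization-specific words are assumed values. Rather than counting character classes, it normalizes the candidate (case, common letter-for-symbol swaps, and trailing year or punctuation padding) so that "P@ssw0rd2019!" is recognized as the blocklisted word "password".

```python
import re
import unicodedata

MIN_LENGTH = 12      # assumed policy value; NIST SP 800-63B requires at least 8 for user-chosen secrets
MAX_LENGTH = 128
# Constructed blocklist. A real deployment would screen against a breached-password corpus.
BLOCKLIST = {"password", "welcome", "letmein", "qwerty", "iloveyou", "summer", "changeme"}
# Words tied to the organization that should never appear in a password (assumed values).
CONTEXT_WORDS = {"acme", "acmecorp"}
# Common letter-for-symbol substitutions, undone before the blocklist lookup.
_LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "4": "a", "7": "t", "!": "i"})


def normalize(pw: str) -> str:
    """Fold case, leet substitutions and trailing digit/symbol padding for blocklist comparison."""
    s = unicodedata.normalize("NFKC", pw).lower()
    s = re.sub(r"[^a-z]+$", "", s)   # drop trailing padding such as '2019!' before undoing leet
    return s.translate(_LEET)


def check_password(pw: str, username: str) -> list:
    """Return the list of policy violations for a candidate password (empty means accepted)."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too-short")
    if len(pw) > MAX_LENGTH:
        reasons.append("too-long")
    norm = normalize(pw)
    if norm in BLOCKLIST:
        reasons.append("blocklisted")
    if username and username.lower() in pw.lower():
        reasons.append("contains-username")
    if any(word in norm for word in CONTEXT_WORDS):
        reasons.append("contains-context-word")
    # One repeated character, or a run of the alphabet or the digits, is trivially guessable.
    if (re.fullmatch(r"(.)\1+", pw)
            or pw.lower() in "abcdefghijklmnopqrstuvwxyz"
            or pw in "0123456789" * 3):
        reasons.append("repetitive-or-sequential")
    return reasons


if __name__ == "__main__":
    for candidate in ("P@ssw0rd2019!", "correct horse battery staple", "Acme!2024"):
        print(repr(candidate), check_password(candidate, "jdoe"))
```

The function reports every violation rather than stopping at the first, so the user sees all the reasons a choice was rejected instead of fixing them one at a time.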
You also want to get a handle on mobile devices used outside the office. Whenever possible, devices holding confidential information should stay at the office; those that leave should have full-disk encryption and remote wipe enabled. If employees are allowed to work remotely from public places, they should connect through the company VPN or a personal hotspot rather than open Wi-Fi, and they need to be aware of "evil twin" hotspots that copy the name of a legitimate network. Joining a fake network can let an attacker intercept the device's traffic and reach your corporate data.
In the end, the best response to a cyber breach is to understand the problem and implement the best strategies to ensure that it does not happen again. By making the right moves, you will show that you truly care about the security of your organization.