Cybersecurity: Preparation is The Only Solution

No one is immune from cyberattacks, and you’re likely to become a victim if you haven’t already. According to the statistics it’s a matter of when and not if. The number of data breaches through the third quarter of 2021 surpassed the total number of events in  all of 2020 by 17 percent (1,291 breaches in 2021 compared to 1,108 breaches in 2020), according to Government Technology Magazine. For Q3 2021, the number of data compromise victims (160 million) is higher than Q1 and Q2 2021 combined (121 million).

An attack typically occurs when perpetrators find a way into a network system, often by taking advantage of a human vulnerability like getting an employee to click on a link that enables malware to penetrate a corporate network. Once inside the system, the intruders gain access to administrator privileges, and then goes on to hijack or cause other disruptions to a network’s data and infrastructure. The costs to a business, not to mention the associated damage done to reputation and client relationships can be fatal. The National Security Institute Reports that the average ransom demanded in an attack rose from $5,000 to $200,000 between 2018 and 2020. 

While not eliminating the chances that a cyber attack can occur, there are precautions that you can take today that will significantly decrease the odds of you becoming a victim tomorrow. 

• Initiate Employee Training: Engage an online or in-person training program that will make everyone in your company aware of the risks associated with cyber attacks and introducer the precautions that they should take. This should include regular training with the embedding of “phishing” emails and follow up. 
• Conduct a Network Audit and Implement Patches: Have your computer network evaluated for vulnerabilities and weaknesses and then have patches applied to the system. When a service like WordPress or your internet provider  tells you to update your system, make sure you do. Systems that are not updated are ripe for exploitation.
• Use Multi-Factor Authentication and Strong Passwords: Ensure that all of your employees use strong passwords (i.e. not “123456”), that they are required to change on a regular basis,  and introduce multi-factor authentication. That’s when you sign on and the site sends an addition authentication code to your phone via text. The protection afforded by a slight delay in signing on is more than compensated for by the enhanced security afforded. 
• Implement a Backup System: Make sure that your entire system is backed up, online and off. This will enable you to restore your network infrastructure and data in the event that cyber attackers hold your system hostage. Recently, hackers have been gaining access to online backup systems, so make sure you retain one that’s completely off-line.
• Create and Test a Robust Incident Response Plan: Do not wait until your system is attacked to figure out what to do. Create a plan and test it to make sure that you’re aable to respond efficiently and effectively in the event of an attack or system failure. And make sure you test that system. The best incident response plan is worthless if it just collects dust on a book shelf. 
• Obtain Cyber Insurance: While insurance does not prevent an attack from occurring it can certainly diminish the financial impact that a cyber attack can cause. 

Creating a global protection and response plan can be overwhelming and is often beyond the scope of a company’s in-house capabilities. Although some tasks may be handled by various vendors, especially technical audits, it is advisable to have the overall process coordinated by a single team. The ideal solution is often to engage an attorney to coordinate and to handle many of the tasks. A law firm can ensure that you are legally protected and also that the work being done under its auspices is covered by the attorney-client privilege in case a lawsuit is filed at some point down the road. 

The threat to cyber security is constantly evolving and authorities are constantly playing defense to criminals highly motivated by financial rewards. Maintaining cybersecurity is not a one and done task, and the process of protecting your network is necessarily ongoing. What worked yesterday may well be outdated by tomorrow. While the threat cannot be eliminated entirely the risk and accompanying financial and legal liability can be dramatically reduced by implementing a dynamic cyber security plan.