Overall, the risk to most contractors from the theft or unauthorized disclosure of PII is small, but significant first-party exposures arising from ransomware attacks, including business interruption and data destruction, together with sophisticated social engineering attacks, leave many contractors vulnerable to sizable financial loss.
What Can You Do To Prevent A Cyberattack?
A: Cyberattacks constantly evolve in their methods, and every organization should dedicate resources, internal or external, to understanding which data is at risk and how best to protect it. Many organizations focus solely on IT security and overlook that almost a third of all cyber events are directly related to human error.
Companies should begin their risk management efforts by educating employees on the ramifications of a cyber event: how it may seriously damage the company's reputation, its relations with customers and regulators, and its balance sheet. This should include ongoing training on what data is at risk and how to safeguard it against the schemes and methods used by bad actors who want access to it.
From an IT security standpoint, there are a number of practical measures firms should consider implementing. A few of these include:
- Maintain and update firewalls
- Back up all data daily to a physically separate system that is not reachable from the production network (offline or otherwise isolated, so ransomware cannot encrypt the backups as well), and test restores regularly
- Encrypt mobile devices including thumb drives
- Implement multi-factor authentication
- Consider end-to-end encryption of all communications
- Rigorously enforce a robust password policy
- Utilize secure email gateway software
- Establish regular anti-phishing training for all employees including executives
- Know which data is confidential and where it resides, and avoid concentrating it on a single device or server
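The backup item above is only as good as the restore it supports: a daily copy that ransomware has already encrypted, or that silently lost files, gives no protection. The script below is an added example (it is not from the original article) showing how a contractor's IT staff could record a hash manifest when a backup is taken and later prove the copy still restores intact. All paths, file names and file contents are constructed here so it runs offline; in practice the archive and manifest would be written to the physically separate system, and the manifest ideally kept somewhere the production network cannot modify.

```python
"""Back up a directory with a SHA-256 manifest, then verify by restoring it.

Added example, not from the original article. Sample files and paths are
constructed inline so the demo runs offline.
"""
from __future__ import annotations

import hashlib
import json
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source: Path, dest_dir: Path) -> tuple[Path, Path]:
    """Archive `source` into `dest_dir` and write a manifest of per-file hashes
    plus the hash of the archive itself."""
    files = {}
    for p in sorted(source.rglob("*")):
        if p.is_file():
            files[p.relative_to(source).as_posix()] = sha256_file(p)
    archive = dest_dir / "backup.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname="data")
    manifest_path = dest_dir / "backup.manifest.json"
    manifest = {"files": files, "archive_sha256": sha256_file(archive)}
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return archive, manifest_path


def verify_backup(archive: Path, manifest_path: Path) -> dict:
    """Restore the archive into a scratch directory and check every file hash.

    Returns a summary dict; a backup is trustworthy only when archive_ok is True
    and both the missing and corrupted lists are empty."""
    manifest = json.loads(manifest_path.read_text())
    result = {"archive_ok": False, "verified": 0, "missing": [], "corrupted": []}
    # If the archive bytes changed after the manifest was written (for example,
    # ransomware encrypted the backup copy in place), do not even try to unpack it.
    if sha256_file(archive) != manifest["archive_sha256"]:
        return result
    result["archive_ok"] = True
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            # Use the safe extraction filter where this Python version has it.
            if hasattr(tarfile, "data_filter"):
                tar.extractall(scratch, filter="data")
            else:
                tar.extractall(scratch)
        restored = Path(scratch) / "data"
        for rel, expected in manifest["files"].items():
            p = restored / rel
            if not p.is_file():
                result["missing"].append(rel)
            elif sha256_file(p) != expected:
                result["corrupted"].append(rel)
            else:
                result["verified"] += 1
    return result


def demo() -> tuple[dict, dict]:
    """Constructed scenario: back up three sample files and verify, then
    overwrite the archive (as ransomware would) and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "projects"
        (source / "bids").mkdir(parents=True)
        (source / "bids" / "bid-2024.xlsx").write_bytes(b"constructed sample bid data")
        (source / "payroll.csv").write_text("name,ssn\nconstructed,000-00-0000\n")
        (source / "notes.txt").write_text("site notes, constructed sample\n")
        offsite = Path(tmp) / "offsite"  # stands in for the separate system
        offsite.mkdir()
        archive, manifest = create_backup(source, offsite)
        good = verify_backup(archive, manifest)
        # Simulate the backup copy being encrypted in place: same name, new bytes.
        archive.write_bytes(b"\x00" * 64 + os.urandom(64))
        bad = verify_backup(archive, manifest)
    return good, bad


if __name__ == "__main__":
    before, after = demo()
    print("intact backup:", before)
    print("tampered backup:", after)
```

The restore step is deliberate: verifying only the archive hash proves the copy is unchanged, but restoring and hashing each file proves the backup can actually be used, which is the question that matters in the middle of a ransomware incident.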
What Should You Do After A Data Breach?
A: The answer depends on whether the contractor has a cyber policy in place.
If coverage is in force, the contractor should, immediately upon discovering an incident, contact its insurance company to be connected with a breach coach.
The breach coach, normally a lawyer, will discuss with the contractor the immediate steps to be taken on their behalf. The coach will engage directly, from a list provided by the insurer, an IT security and forensic firm to investigate the cause and the scope of the breach or ransomware attack, including the records potentially compromised or encrypted. This information will be relayed to a law firm chosen by the insurer.
If the event is a suspected data breach, the law firm will review the information to determine whether the incident meets the threshold of a breach under the applicable state and/or federal law. Upon such a finding, an attorney will draft notification letters, which are forwarded to a fulfillment center to mail to the affected individuals within the deadlines set by those laws.
Before any mailing, a call center will be set up to answer questions from affected individuals who receive a notice. Concurrently, a crisis management/public relations firm will be engaged, ahead of the notifications, to help protect the contractor's reputation by formulating the public response to the breach once the notices go out.
If the contractor does not have a cyber policy, a law firm specializing in cyber events should be engaged immediately upon discovery of the incident. Ideally, the contractor will have engaged the law firm and data breach response vendors before any incident occurs; this allows an efficient, speedy response and saves money through pre-negotiated rates for their services. The law firm, not the contractor, should engage the IT security and forensic team, so that the team's findings fall within attorney-client privilege.