Even if you were not a victim, every company should do the following three absolutely free and easy things, with the expectation that you might not be so lucky next time around:
1. Assign Responsibilities. When responding to a cyber attack, efficiency is critical. Time wasted figuring out “who’s on first” deciding who is going to do what can lead to mistakes. Certain critical tasks must be done early, such as communicating with employees, hiring attorneys and forensic computer experts, and responding to press questions. The time to decide who is going to take responsibility for each of these tasks is before an attack is discovered.
2. Cultivate a Culture of Security Awareness. By now, all employees should be aware of the threats of phishing e-mail and ransomware clickbait. But keeping employees vigilant and motivating them to do the right thing is also critical. One easy way to promote proper employee actions is to reward employees who do the right thing by alerting the IT department of threats they have received. Rather than being brushed off or treated as routine, these employees should be given a clear signal through public acknowledgement and praise that everyone has a role in cyber security.
3. Know What Information is Stored and Where. Every business has private information of some kind, even if it is limited to employee records, stored in various locations. It might be in the cloud, on multiple computer hard drives, on laptops, in paper form, file cabinets, in databases and spreadsheets. To the greatest extent possible, companies should keep an inventory of these locations and also seek keep that list of locations small. Maybe an employee’s backpack gets stolen out of the parking lot; make sure that a database of private information is not inadvertently stolen with it.
There are lots of other things, both free and that require a budget, that can be done in response to the WannaCry attack and all of the other examples of the past few years. It seems to me a good idea to preemptively create a BitCoin accounts (“wallets”) to avoid delay in responding to ransomware attacks. Insurance is available to defray the costs, including ransom amounts and business interruption expenses, that companies suffer in an attack. I will leave it to computer security experts to advise on preventative technical solutions and procedures.
It becomes more and more clear at time passes that every company should be prepared to deal with a cyber attack. Without presuming to predict the future for any particular company, it seems fairly safe to say that suffering an attack is looking more and more inevitable.
Here at Propel Insurance we offer Cyber Insurance that not only defrays the costs, but also connect your company with a skilled and pre-selected Cyber Breach Response Team that can streamline the various response tasks and save your company both time and money.
If your company fell victim to May 12th’s “WannaCry” ransomware attack, there are likely more than a few things you do in fact wanna do.