5 steps you should take now to get ready for a cyberbreach

It seems that the news is constantly filled with stories about data breaches. But breaches are more than just news fodder; they are a big wake-up call for organizations to re-evaluate their security technologies and practices for securing sensitive data.

Cyberattacks have become an increasingly frequent and costly occurrence. Today’s operating environment contains multiple factors that result in dynamic vulnerabilities and threats, with increasingly destructive and complex impacts. The cost to victim organizations is being measured in hundreds of millions—even billions—of dollars.

In attempting to respond to this complex environment, organizations often face or create additional challenges due to poor people, process, and technology decisions. Meeting security needs and challenges—not to mention staying compliant in heavily regulated industries—requires companies to understand the value of data, address the correct level of security required, and evaluate access. No matter your industry, understanding how information moves within your business and partner companies is key to understanding how to protect that data.

Preparing for a cyberbreach is key to protecting data

How an organization prepares for and handles a breach can make an enormous difference in mitigating the consequences to its reputation and finances. It also can help strengthen its security posture and reassure customers that the company can protect their data.

Here are five actions you can take to help your company build a strong security foundation:

1. Evaluate the level of security needed

Remember, not all data is created equal. The level of security needed should be assessed in light of the sensitivity of the data being processed, as well as each business’ specific requirements.

2. Perform an organization-wide risk assessment

Identify the relevant data, networks, and assets that need to be secure.

3. Review system policies and procedures

Take steps to help make sure that security controls are embedded into operations.

4. Mandate education and training programs

These can help raise your employees’ awareness and understanding of risk and acquaint them with the security policies and procedures you have in place.

In many cyberattacks, employees may be a weak link; phishing attacks, for example, can succeed when a worker opens a seemingly innocuous email, allowing the hacker to gain access to the company’s server. This can easily be avoided with proper training.

5. Undertake scenario planning and simulation exercises

Use relevant, real-world scenarios tailored to your industry and the types of threats you face.

To make the exercises feel authentic, base them on incidents you and your colleagues have faced in the past, or on well-known real-world examples. Simulate the time crunch your company will face during an incident by highlighting required timelines for notifying relevant parties, be it the card brands (e.g., Visa, MasterCard) during a payment card incident or appropriate government regulators.

When a breach occurs, time is not on your side. It is critical to have in place an incident response plan that identifies who is responsible for handling the breach and the steps that should be taken to ensure a coordinated and cost-efficient response.

A retainer service with a trusted partner can be valuable in such situations. Your response to a breach can have far-reaching consequences (bearing in mind that any documents or steps taken may be scrutinized by a regulator or court further down the line).

For more information on how to plan to stay ahead of the next-generation threat landscape and prepare to respond to a breach, download the most recent edition of AT&T Cybersecurity Insights, “The CEO’s Guide to Cyberbreach Response.”

Bindu Sundaresan, Strategic Security Solutions Lead, AT&T