What should a business do in case of a cyber attack?
Here are 4 considerations a business should think about if it is in the unfortunate position of suffering a hit.
1. Privacy – You must start with privacy. Who has been affected by the breach? Which data is compromised: client, vendor or employee data? What are your obligations to these individuals? How do you fulfill them? What are the costs involved?
2. Internal systems – Has it affected your own computer systems and data? – Can this data be recovered? How quickly can you get back up and running? What are the costs for down time and to restore systems?
3. Extortion – Have you been contacted by someone to pay a ransom to release your data? Should you pay? Will they just ask for more? How do you prevent them from coming back? Is there another option?
4. Social Engineering – Has someone in your organization inadvertently provided funds or information to an unintended third party unknowingly? Is there any recourse?
Most small businesses are not prepared to handle any of these scenarios. Small businesses are the most susceptible simply because they typically don’t have the budget or know how to deal with such an incident (cost & expertise). For many businesses, more important than the cost of damages is the critical breach response (expert advice from privacy lawyers, forensic teams to establish extent of loss, PR assistance for communication etc).
The attached Product Feature sheet describes how APRIL’s Data and Cyber policy would respond to most of these scenarios and most importantly, our Cyber expert team will be there to guide you through the process.
For more information see the following articles: