What to do when the cat's out of the bag...
I Just Got Breached; Now What?
- Heath Wruble
You or your company just got breached; no, not by a bunch of robbers or an opposing company, but by cyber terrorists. What did they take, how far did they get, what do we do now?
You have heard about companies being breached and client data stolen; you may have even heard a story or two about a ransom demand for the stolen data. One law firm was breached, data was stolen, and the cyber-terrorists demanded millions for the data, or they would release compromising emails, papers, and other legal documents if their demands were not met. The law firm did not take the bait and stood up to these threats.
Is this something you would do, knowing compromising material was out there? Would your clients understand and stand by you, or would they be running for the hills with lawsuits to follow, destroying everything you built up, years of sweat and tears down the drain? Or will you end up paying the ransom to maintain your business?
What do you do when you are notified of a breach, and how would you handle it?
You need to think about cyber security threats before they happen, implement systems that help you avoid intrusions, and create a plan to react to these threats and events before they happen. Plan for the worst, hope for the best.
Smart and effective leadership starts from the top and impacts the entire organization. Planning is an integral part of an organization, including threat prevention, detection, and resolution.
Protections in place prior to a breach:
Prevention: All organizations must ensure proper Information Technology (IT) systems are in place, including firewalls, dual authentication passcode systems, and employee training. These are just a few components organizations must undertake to help prevent cyber intrusions. Read my previous article called “Cybersecurity is on my Mind” for some great ideas on how to properly implement a strong, effective, secure system.
Building and maintaining an effective system will make it much harder for cyber bullies to get into your computer system; however, you must be prepared to react to any cyber intrusions at a moment’s notice.
Backup: As part of any effective IT system currently in place, you should have a strong, reliable backup system. Backups are the best level of defense against ransomware attacks. Additionally, ensure that any agreement you maintain with your backup server provider (the vendor service agreement) reflects maintaining a full server image (this is a complete picture or copy of all of your data at a given time) and the ability to switch on your backup servers in the cloud for immediate recovery.
Team IT: Maintaining a reliable in-house IT team, or outside third-party IT provider, properly certified with the most up-to-date Microsoft skills and training, makes all the difference. These professionals will help monitor your systems, react, and help train current and new employees on best practices.
Detection helps monitor your systems and employee activity to prevent or react to cyber intrusions. Some firms even test their employees throughout the year by sending fake phishing scam emails to see which employees take the bait. They normally follow up with better training for all employees, but especially those who are most vulnerable. Ensure you have a specific employee or group of employees responsible for monitoring cybersecurity breach attempts in order to effectively react to any attempts or actual breaches (aka your IT Team).
What to do once a breach occurs:
Take Action: When you are notified of the breach, you first need to ensure that all other vulnerabilities are shut down; you need to turn the spigot off immediately to ensure no more data is lost, including changing passwords.
Investigate, and determine how you were breached. Did they get past your firewalls, or did they send an email with a link, and that link allowed them to burrow into your system? Your IT team will be all over this; once they determine how, you can implement additional preventive measures for the future. Conduct a deep dive into the data that was affected, and identify critical data that was stolen. In some cases, there was an attempt, but the criminals were not successful. In some cases, hiring a professional third-party consultant to help evaluate and respond to a breach should be considered.
Resolution ensures a quick response and rapid resolution to any cyber-attacks. This takes a dedicated team, working with your vendors and senior managers, to be able to quickly pivot and react to new threats. Be completely open with your employees and customers, come up with one message and stick with that message, and pay for data protection services for customers that have been adversely affected.
Notify: News of the breach will leak sooner rather than later; it will be reported that your systems are vulnerable and you were attacked. Once you have identified the affected data and/or clients, tell them. It’s that simple; it is actually the law. There will be some angry conversations, but this is something you need to go through. Make sure you have the facts right before you call, and come up with a solution to protect the clients from further hassle. Your main priority is to protect the client and understand that receiving this type of news causes concern. The focus should be helping the customer through these trying times, and your communication is paramount.
Communication: The best approach is to be upfront with your employees and your clients as quickly as possible; if not, you will no longer control the narrative. When you control the narrative, you are better able to control the outcome and thus better able to withstand the media onslaught.
The first step is to talk to your employees and stress that any questions from media or regulatory authorities need to be transferred to the Critical Response Team (seriously, you do not have one? I will explain the team’s purpose in the next paragraph). Any questions from clients can be addressed by employees within the organization as long as they follow the script and stay on topic (the CRT needs to be able to provide a script for all members of the organization). Set up an escalation process, with a special dedicated media team, to handle the more difficult client calls as well as media and regulatory inquiries.
Critical Response Team, what is that? This is a dedicated team that should be set up in advance, before there is ever an issue. This team will create steps, processes, and procedures to implement for a data breach. The team should have set leadership, meet regularly even if there hasn’t been a breach, and have written procedures to follow, call lists to notify key leadership and management, and the ability to react and pivot to threats. The team should be comprised of the following:
· Technology leaders who understand the nuances of data breaches.
· Communications (Press office, Marketing, etc.) to help craft and respond to the public, clients, and employees.
· Legal, to ensure all applicable laws are being followed and timely action is taken.
· Senior Management, to oversee and ensure leadership is well informed but also plays a critical role in the response process.
· Operations, a key operations point person to ensure the continued operation of the organization.
Depending on how large your company is, you may add additional members to ensure continued business operations and better communication throughout the company.
When communicating with clients and others, be clear. Show them that you have the situation under control, that you are on top of the matter, that you are as concerned as they are, and that you will do everything you can to protect them. The message could be as simple as the following:
“At this time, we can inform you that there was a cyber intrusion and breach of our systems. We are working with our partners and have hired an outside consultant to determine how and what was compromised. Rest assured we take these issues seriously and will communicate with you once we are better able to determine what was affected. In the meantime, please be extra vigilant when receiving emails or phone calls claiming to be from our firm. We will never ask you about personal information without requesting additional identification, and we will never provide confidential information over the phone unless we obtain additional identification from you. We will keep you updated throughout this process and inform you if your data was affected.”
This shows your clients you have the situation under control, you are being open, and you understand their concerns. If clients continue to ask questions that staff are not able to answer, make sure you have an escalation process that will escalate these concerns to a more experienced team.
Rectify: Work to resolve the breach by upgrading your systems and policies, training internally, educating clients, and working with vendors. Provide credit monitoring to the clients affected.
Improve your image: You may take a publicity hit. It will not be pleasant, and there may be news articles that will not be kind to you or your company. Work through them slowly and honestly, communicate effectively, and do not try to spin the bad news. Acknowledge the breach, inform them of your steps, and assure the public as well as your customers that you are taking this matter seriously and that the firm is taking corrective action. This will go a long way with your clients, with the public, and with your employees.
Regulatory requirements may apply, depending on the type of business you are in; make sure you loop in outside counsel to ensure you are following the necessary rules and regulations.
Cyber breaches are a trying time for any organization, large and small. Voices will be raised, and tempers may flare. Do not take these altercations personally, and understand the stress everyone is under. With the proper planning and open communication, you and your organization will muster through and will prevail. Do not forget to get the best systems possible to help better protect your organization but, most importantly, your clients' information; train your employees and test your systems regularly; and set up a response team to be better prepared. Hope for the best but prepare for the worst.