What’s the best way to prepare my business for a possible cyberattack?

You’re right to be concerned. Cyberattacks on businesses are becoming more common – and costly. The average total cost of a data breach was $5.9 million in 2014, and it’s likely to be more in the future.

What’s the best way to prepare my business for a possible cyberattack?When a data breach occurs, a company faces many challenges, including a duty to notify its customers. Forty-seven states (all but Alabama, New Mexico & South Dakota) have adopted laws setting data breach notification standards. While there is no uniform national standard for data breach notification, federal laws pertaining to health data and financial data set industry-specific standards for breaches of data.

In addition, the Federal Trade Commission has used its authority to take action related to data security. It also appears likely that the EU will be passing stringent regulations relating to data breaches. As advancements in data storage causes more and more data to cross state and international lines, this complex patchwork of regulation becomes increasingly significant.

So what is a business owner to do?

Promptness in reacting to a breach and awareness of the relevant regulations is critical to helping a company avoid harsh fines, consumer backlash and further data loss.

Create a data breach plan

Establishing a response team and an action plan on how to handle data breaches can help a company respond more quickly. Here are a few steps to get you started:

1. Choose a small but well-represented data breach response team that includes decision-makers from the executive level of the company, IT personnel, legal counsel, public relations professionals, and customer care representatives.

2. Create a data breach response plan that clearly

  • identifies the company’s priorities in the first 24 hours after discovery of the breach;
  • analyzes applicable legal regulations;
  • creates reporting channels; and
  • pinpoints public relation goals.

Review and revise the plan regularly to reflect changes in statutory guidelines and your company’s goals.

Get your house in order

While preparing for the worst is vital, avoiding a breach all together is even better.

The majority of breaches come down to one thing: people. Doing the following can help a business prevent the likelihood of data breaches from occurring in the first place:

  • Educate employees on the importance of cybersecurity;
  • Limit data access so that only those who need specific data have access;
  • Implement policies requiring strong passwords;
  • Limit access to data through exploitable systems;
  • Create clear reporting channels for violations of data security procedures

* * * *
This post was co-authored by Steven J. Boyne, an experienced corporate attorney and co-chair of Gunster’s insurance law practice. Cassidy Bergstrom is an attorney in Gunster's Jacksonville office; she represents clients in a variety of matters, with a focus on real property transactions.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Our attorneys keep clients in the know when it comes to how the law affects business. Read Gunster’s blog for timely and important updates on legal and business matters, straight from our attorneys to you.

Recent Posts

Popular Categories

Jump to Page

Gunster Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek