BreachExchange mailing list archives

Keep calm and prepare for a cybersecurity breach


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 4 Aug 2015 17:37:06 -0600

http://thedailyrecord.com/2015/08/03/keep-calm-and-prepare-for-a-cybersecurity-breach/

Cybersecurity and data forensic firms are sending a loud and clear message:
no one is safe. Theoretically, anyone could become the target of a
state-sponsored hacking group, working in shifts around the clock, whose
single purpose is to break into your computers to steal data or wreak havoc.
Once you become such a target, your fate is sealed and it is only a matter
of time until you become the victim of a cyber-breach. Law firms, they say,
are sought-after targets.

The reports on data breaches seem to be ever more frequent and ever more
disheartening. The goals of the criminals are many – to steal credit card
information (e.g., Target and Home Depot breaches), to stockpile
information on the workings of the U.S. government (e.g., U.S. Office of
Personnel Management and United Airlines breaches), to obtain confidential
files from law firms to be used in litigation (e.g., the recent California
lawsuit against a major workers’ compensation insurer and its attorneys),
to manipulate penny-stock prices (e.g., JPMorgan Chase breach), to engage
in insider trading (e.g., recent SEC investigations into breaches), or to
gain a competitive edge in sports (e.g., St. Louis Cardinals hacking the
Houston Astros).

The perpetrators are both foreign and domestic. They are outsiders and
insiders of companies. Some apply for jobs with the ultimate purpose of
getting into an organization and stealing data. Others steal data when
their employment is terminated. Trusted individuals may destroy evidence to
hide breaches. Other times, evidence of a breach is destroyed without
knowing that preservation could have mitigated damages. It is all very
discouraging.

Not all hope is lost, however. Most law firms will never become direct
targets of foreign state-sponsored hackers. Rather, like other
organizations, law firms are more likely to be exposed to more pedestrian
threats. These are caused by human error – clicking on a link in a phishing
email, losing laptops or cellphones, mistakenly sending data to the wrong
addressees, not following the company’s basic security policies, careless
handling of company data on personal computers, not password-protecting
devices, or not encrypting data. Many of these threats are preventable.
Human error is part of life, however, and therefore so are cyber breaches.
The silver lining is that with careful pre-breach preparation, the
aftermath of a breach can be much less costly.

The first step in preparing for a breach is to acknowledge the need for
education on and a heightened awareness of cybersecurity issues. Accept
that cybersecurity must become part of your organization’s culture.

The next steps involve everything a victim company wishes, often too late,
that it had done before it was breached. These measures focus on
prevention, through training personnel and implementing data security
policies, and on reducing the time and cost of responding to a breach.
Generally, they include:

(1) adopting security practices that are reasonable and appropriate for the
size of the organization and the industry in which it operates (pay
attention to the data security guidelines issued by the state and federal
agencies relevant to your industry);

(2) including cyber professionals in management and at the board level of
the organization;

(3) retaining outside data security lawyers before the breach occurs to
avoid scrambling to find counsel at the very intense time when you learn of
the breach;

(4) retaining forensic cyber professionals before the breach occurs to avoid
wasting precious time and paying “emergency basis” fees when the breach
occurs;

(5) investing the money to test your organization’s vulnerability level and
to identify weak links;

(6) creating a breach-response team with a response plan;

(7) doing at least one test-run to see how the response plan plays out; and

(8) starting a relationship early on with the local FBI and Secret Service
offices to know how and when they can help.

Finally, take a deep breath and exhale slowly. There is insurance to cover
cybersecurity breach incidents. And if you go through the steps above, you
will also be in a position to judge how much cyber insurance you need.

Good luck, and do not forget, encryption is your friend!
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
sales () riskbasedsecurity com