With a new major data breach being reported about once a week, and countless others happening that don’t make the airwaves, it’s no wonder that cyber security is a major concern for corporations and their legal teams. Yet a recent Grant Thornton survey found that only 35% feel their organizations are prepared for a breach.
If your organization is among the 65% who don’t feel prepared, what can you do before a breach, whether or not you have a corporate legal team, to minimize the impact on your business?
Here are 3 steps to prep:
- Assess your risk. This includes risk based on the type(s) of data you transmit and store, as well as your current cyber risk posture. Vulnerability scans, penetration testing, and a phishing campaign that tests your staff’s ability to recognize an unauthorized attempt to gain credentials will give you a realistic view of your risk level.
- Take a continuous approach to prevention. You can’t look at prevention annually and hope it holds up for the next 364 days against an ever-changing barrage of threats. Test continuously, train throughout the year, and monitor for threats 24/7.
- Prepare for the worst by discussing incident response before an incident. What can be handled internally, and when should you call for outside resources to help with forensic data gathering and evidence preservation? Know when incidents need to be reported, and to whom. Consult a communications expert who understands incident response and how to help with messaging both inside and outside the organization.
If you take these steps, you will understand the controls that make business sense based on your risk level, you will quickly recognize if an incident occurs so you can address it, and you will have resources at the ready to help you remediate and minimize potential damages.