Cyber Attacks: Prepare, Prepare, Prepare

A cyber attack is any incident in which sensitive, confidential information is stolen or used by unauthorized individuals.  Cyber breaches may involve the theft or unauthorized use of personal health information, financial information, trade secrets, or intellectual property.  The consequences of a successful attack may include embarrassment, bad press, loss of business, loss of huge amounts of money – whether by theft or through the payment of ransoms (“ransomware attacks”), civil penalties, and even criminal prosecution.

When a breach occurs, companies spend enormous amounts of money hiring forensic investigators to figure out what was breached, who did it, the type of information accessed, and the extent of the damage.  They spend even more money determining how the breach happened, and what steps are needed to defend against future attacks.  Finally, they are forced to pay monitoring firms for years to come in order to protect customers from any future damage, protect the company brand, and reestablish trust with current and potential clients.

It is essential that corporate executives and owners make cyber security a priority in both planning and budgeting. While responding to a breach is expensive, the true cost to the company cannot be measured in dollars and cents. Tech-savvy customers want to know that their personal and/or financial information is safe from the rest of the world.

To instill confidence in potential customers (and avoid paying the costs associated with cleaning up a cyber spill), companies need to have a gameplan in place before a breach ever occurs.  The establishment of incident response teams is a vital first step.  The team should be made up of individuals that are team-oriented, detail-focused, and capable of sticking to the gameplan when stress levels rise.  These carefully-selected individuals must understand the importance of their roles and devote themselves to constant learning as cyber security issues evolve. Companies might also consider employing full-time services from outside providers.  In the end, it will be much more expensive to respond to a successful breach than to avoid one in the first place.