You may have moved on from the once popular social media site, Myspace, but, unfortunately, it may still have a big hold on you, and your data. Approximately 360 million Myspace users are at risk, as Time Inc., which now owns the site, reported falling victim to a cyberattack. Account email addresses and passwords are up for sale as Time Inc. and Myspace users wait on pins and needles to assess the impending damage. This could be one of the largest data breaches of all time.
Stories of cyber security breaches are all too familiar, occurring in record numbers each year and impacting businesses big and small. Companies such as Target, LinkedIn and Sony know all too well about the implications of cyber liability, as do the thousands of businesses whose stories go untold, but are impacted all the same. According to the 2015 McAfee Security Paradox Report, 63 percent of midsize companies (51 to 1,000 employees) experienced a data breach. Headlines and ongoing research prove no company is safe from being a cyber target. It’s not a matter of “if,” but “when.”
Cyber-attacks have the power to cripple successful companies, affecting brand reputation, customers and the ability to operate profitably. A recent PwC report indicated that 10 percent of businesses that suffer a data breach were so damaged that they needed to change the nature of their businesses completely. Couple that with the costs to respond to such breaches and it is easy to see how a company could go belly-up from unexpected hacking.
Preparation is critical to mitigate these threats and companies should actively engage in cyber risk management practices to stay ahead of the curve. To prevent cyber security breaches, businesses should:
Assess risks.
Every company should understand the pervasive nature of cyber threats, from hacker attacks to employee mistakes. It is equally important to understand the company’s cyber vulnerability, which can be the result of on-going poor cyber hygiene practices.
Get educated.
Senior management should be well-versed in cyber security basics and understand the applicable federal and state regulations. Knowing the fundamentals is critical so that in the event of a breach, the right questions are asked and the right experts are retained.
Invest in best practices training.
The greatest cyber threat is employee ignorance. According to the Poneman Institute, 35 percent of cyber breaches are due to human error. Social engineering is also a powerful means to steal data, reportedly duping 85 percent of office workers in recent findings. Proper and ongoing best practices training has proven to reduce cyber threats due to employee error.
Have a plan.
Swift action is required for compliance with breach notification laws. Every company should have in place an early response team and a breach response plan.
Shift your financial exposure.
Procure cyber liability insurance. Traditional insurance products are insufficient to protect against cyber incidents.
Employ the right tools and experts.
Protecting a company’s data is complex. It is recommended businesses retain lawyers and outside cyber consultants to develop and help implement best practices to prepare for, or to combat a cyber breach.
Ted Schaer serves as chairman to the firm’s Liability, Privacy and Breach Response Department at Zarwin Baum. He is certified by the International Association of Privacy Professionals in Privacy and US Data Protection (CIPP/US), and advises clients on privacy and cyber-related issues. He leads Zarwin Baum’s Data Breach Response team, and serves as the chief information and security officer to the firm.
Elizabeth S. Fitch of Righi Fitch Law Group, is a founding and managing member of the Righi Fitch Law Group.
Published (and copyrighted) in South Jersey Biz, Volume 6, Issue 7 (July, 2016).
For more info on South Jersey Biz, click here.
To subscribe to South Jersey Biz, click here.
To advertise in South Jersey Biz, click here.
