So, what data?
The important thing is to ask yourself: is all the data that you're collecting really worth storing and protecting? When there is no data, there is nothing to steal! Your one and only reason for storing data in your database should be what's best for you and your consumers.
Once you have decided which data you would like to keep, ensure that it is protected. Encrypt the sensitive data that you would not want exposed when the system is in a vulnerable state, so that in case of an emergency only useless numbers will be acquired. Additionally, if your company can afford cyber insurance, do not hesitate to buy it. It will reduce the significant costs that can result from data breaches.
Another major factor is your employees' data practices. Train them in best practices for protecting data and the system, and keep them engaged. You do not want to see anyone use the word “password” as a password, which happens all too often because people find it convenient and easy to remember and do not think about the consequences. Send out simulated phishing exercises, such as an email that pretends to come from someone else and contains a link. This will help prevent data leaks or the introduction of a virus to an employee’s system in the future.
Come into action!
Last but not least, identify who is on your crisis response team and appoint a spokesperson. Craft a written response plan, and know who to call and when. There are a number of items you should include in such a response plan:
- Record the date and time of the incident
- Alert and activate the team
- Assess the situation
- Secure the premises
- Stop additional data loss
- Document everything
- Monitor what’s being said
- Take accountability
- Reach out to your audiences
- Record lessons learned
- Review protocols and other legal liabilities
Let’s assume that you applied all of the above and you are certain that you are secure. Guess what? You are not! The fact that you always think about privacy, that you have a response plan and that you trained your employees does not mean that your system cannot be hacked. However, these precautions make it a lot harder. The goal to aim for is to maximize the effort and time it takes a hacker to break in, and to know how to act if that happens. So, as S. Lover’s Rory O’More said years ago, “Better safe than sorry”.
Did you miss out on the first part “How to act to a cyber attack”? Read it here!