In an interview about cybersecurity, former Homeland Security Chief Jeh Johnson provided valuable insight about cyberthreats. While discussing the disturbing number of data breaches in 2018, Johnson stated, “In terms of the general threat picture, I believe it’s going to get worse before it gets better. I believe that those on offense are increasingly clever, aggressive and tenacious. And those of us on defense have yet to turn the corner. We struggle to keep up on the defense.” While firms are finding it harder and harder to ignore the issue of cyber security, it’s safe to say that not enough of them have implemented rock-solid practices to fend off attacks.
When asked about his thoughts on the growing number of cyberthreats in the general landscape, Johnson replied, “I think that large-scale attacks will likely become more pervasive. I think bad cyber actors will become more and more ingenious in ways that we cannot fully conceive as we sit here.” Cyber-attacks are extremely prevalent in today’s digital environment, and it’d be safe to assume you’ve already been the target of past breach attempts. Regarding which types of firms should be the most concerned, Johnson said, “Any business that warehouses large amounts of personal data, whether it’s a bank or a university or a hotel chain, needs to be concerned about the intrusion and theft of that personal data by a nation-state, or a cybercriminal.” The potential damage of a hack warrants enough concern for every firm to roll out sound defense strategies. Below are three ways to prepare for a data breach before one occurs.
- Be proactive. If you wait until you fall victim to a cyber-attack before thinking about how to respond to one, be prepared to lose data, infuriate clients, and expend a significant amount of resources on damage control. Having a plan for cyber-attacks puts your firm in the best possible position to make reparations if one occurs. Johnson said the third highest concern for firms should be “… impressing upon… the leadership team… that cybersecurity has got to be a core priority of the business. Just like the protection of your physical infrastructure, it’s not just simply an information security concern that you pass off to your chief information officer. It is a core part of the business.” Johnson continued, “Too many of us are in a situation where we have to react to an incident. I would encourage in-house attorneys and senior legal officers to get out in front of an incident and ensure that their cyber defenses are as good as they can be. Not enough of our clients do that.” The bottom line is that your firm needs to develop data breach processes and share them with stakeholders.
- Turn to the experts. If you’re rolling out security practices for the first time, enlist cyber experts to help you. Johnson commented, “Get a team of cyber experts and a sufficient level of cyber capability that can provide some sophisticated level of defense.” Make this team responsible for backups and for encryption, which renders stolen data useless if it falls into the wrong hands. Keep network administration rights in the hands of this team and task them with setting up anti-malware and firewall software.
- Deploy a multilayer system to protect data. Securing your hardware is the first step. Use complex passwords, attach computers to desks, and install “Find my device” technology on all devices. Next, educate your employees on how they can protect your data. Insider threats make up nearly 75% of security incidents, so training your staff on their role in securing data will go a long way. Teach employees not to share passwords and not to use unsecured networks or websites. Lastly, consider purchasing cyber security insurance. If all else fails and you’re covered under insurance, the costs of a breach will be much lower than they would be without coverage.
There’s no one-size-fits-all approach for addressing cyberthreats, but analyzing your vulnerabilities and developing a plan to address them is a great place to start. Trust the experts as you build a process and share the information with stakeholders. Johnson put it best when he said, “I can envision a future where our cyber defenses are much tougher, and the level of cyber intrusions and cyber-attacks has decreased and we have turned the corner.”