By Becky Blalock
Getting a flu shot doesn’t mean you won’t get the flu. And so it is with cyber breach prevention. Yes, companies and individuals need to be diligent about deploying the latest tools and training to help secure their systems. But let’s face it. For each new technology to prevent a breach, a new one is developed to compromise it. So, it is important to be prepared in the event you are hacked.
Few companies have a response plan in place, and of those that do, the data shows that very few are actually practicing them. A plan should spell out how you will communicate with your employees, customers, stockholders and potentially the media. It should also list whom to contact for help. That should include details on which vendors you will use for different kinds of hacks, along with contact information for each vendor. It should also include direction on whom you will contact in law enforcement or regulatory agencies. Many companies do not know that the FBI is the best place to turn for help and advice if you get hacked.
It is also important to understand what you will do to remediate any damage done to other parties, such as your employees or customers. Will you provide credit monitoring or other services, and whose services will you deploy? If there is a service disruption due to a hack, what is your contingency plan?
Many companies think they are safe because they are backing up their data. However, back-ups may be corrupted when going back months. What is your plan if this happens?
It’s hard to make the investment in practicing for something that may never happen. But responding quickly can be the very best way to protect your company’s brand. I have learned that people can handle bad news; what they cannot handle is no news. The longer you wait to inform affected parties about a breach, the more damage you do to your credibility and brand.
So along with all the prevention you can do, be prepared for the worst.
Becky Blalock is the managing partner of Advisory Capital, is a board member of Hannon Armstrong and Aspen Aerogels and the former CIO of Southern Company. She is certified in Cyber Security by Georgia Tech and National Association of the Corporate Directors (NACD). Catch her on the panel “Improving Your Cyber Readiness and Resilience” on October 9 at Cybercon 2018 during Atlanta Cyber Week.
Atlanta Cyber Week connects the dots in our cybersecurity ecosystem and contributes to the story of metro Atlanta as a top venue for global commerce. Registration for Atlanta Cyber Week and Cybercon is open now! Visit www.atlcyberweek.com or click here to register.