Mainebiz

June 12, 2017

Issue link: https://nebusinessmedia.uberflip.com/i/834279

Vol. XXIII No. XIII, June 12, 2017

HOW TO

Do a 7-step cyber health checkup

By Daniel Mitchell and Michael Bosse

Cyber security is top of mind in businesses of all sizes. As lawyers practicing in the data privacy and cyber security areas throughout Maine and New England, we thought it would be helpful to provide the following list of seven steps to consider as you assess the cyber health of your organization:

1. Educate yourself: There is already so much we need to know, but cyber security is too important not to invest some time in learning basic concepts. Fortunately, there are many readily accessible sources of information, including blogs such as Krebs on Security (www.krebsonsecurity.com), written by former Washington Post staffer Brian Krebs. Another good place to start is the Cybersecurity Framework developed by the National Institute of Standards and Technology.

2. Have an incident response plan: The early hours after a breach is discovered are critical, and every organization should have an up-to-date incident response plan that will enable it to respond quickly and effectively in a crisis environment. There are several local security consultants who can help you develop a plan that is right for the needs of your business. Among other things, a good plan should detail the makeup of your internal response team, the procedures it will follow in the event of a breach and the external resources that will be available to assist, such as forensic consultants, attorneys and public relations professionals.

3. Consider hiring a chief privacy officer: Many companies are hiring a chief privacy officer or chief information officer. This individual, usually an executive of the company, should be charged with primary responsibility for developing and implementing policies designed to protect employee and customer data from unauthorized access, as well as spearheading efforts to address breaches. Consider also whether your organization has management personnel outside the IT department who regularly are involved in data protection; good security should involve non-IT personnel as essential players.

4. Test yourself: You should test your cyber security regularly in order to find its potential weaknesses. At a minimum, conduct at least an annual assessment of the key components of your system and the knowledge of your team regarding best practices. Internal audits are useful, but also consider using an outside security professional to perform penetration testing.

5. Train and retrain your team: You must develop and perform internal training at every level of your organization, with regular reinforcement. Even security-minded employees can fall prey to attacks in surprising ways. For instance, one prevalent form of attack is CEO fraud, in which the attacker impersonates the boss via email and tricks a staff member into wiring funds or sending sensitive financial information to an unusual destination. Good training on company protocol would prevent many such attacks. And while effective testing is crucial, its benefits will be wasted without follow-up training.

6. Consider cyber insurance: Your company's current policies, including its general liability coverage, are unlikely to protect you in the event of a cyber incident. Fortunately, the cyber insurance market is expanding. Your agent can suggest policies that will cover both first-party damages, such as business interruption and loss of income, the cost of forensic investigations, legal fees, regulatory penalties, breach notification and even public relations assistance to deal with potential reputational and branding fallout. Policies may also provide third-party coverage against damages your customers sustain as a result of a breach.

7. Always stay one step ahead: Cyber criminals are constantly trying to figure out new ways to enrich themselves at your expense. No system ever will be foolproof, but investing time and dollars now in proper planning, training and insurance protection for your organization will pay for itself if it protects you against even one serious cyber security event. Good cyber security has become part of your business, like it or not, so accept it and get out front.

Daniel Mitchell and Michael Bosse are shareholders at the law firm Bernstein Shur in Portland.
