Companies around the globe urgently need to address the overwhelming amount of potential cyberattacks on their data and sensitive information. Companies must proactively recognize, respond to and address cyberattacks before they get out of hand. Not to mention, companies need to understand how to keep employees calm, how to mitigate damage, and more once a cyberattack has occurred.
Fortunately, Francoise Gilbert, of Greenberg Traurig, recently sat down with Inside Counsel to discuss important cybersecurity issues including how companies can recognize cybersecurity threats and inoculate their systems from a breach and can create cybersecurity crisis management plans.
According to Gilbert, there are several ways that companies can recognize, respond to and address cyberattacks before they get out of hand.
“It is often difficult to recognize the most skillful attacks because they have been designed to look ‘normal’ and be consistent with the typical operations of the entity,” she explained. “A number of attacks follow pre-existing patterns; thus, staying aware of the current trends, keeping informed about the techniques used in other attacks could increase awareness and provide useful clues to identify the first elements of a cyber-attack.”
Therefore, sensitizing the company’s staff and management to the high risk of attacks and actively educating them to raise their awareness is an essential basic component of the fight again cyberattacks. The more eyes or minds are looking for clues the more changes there are to catch an unusual pattern.
So, what are some ways to mitigate the damage of cyberattacks?
“Act as quickly as possible,” said Gilbert. Next, preserve evidence, logs, and records, to be able to conduct forensics examination with reliable data. And finally, ensure that all personnel understand that it is better to report an incident that turns out to be insignificant, rather than not reporting it, and risk to have missed a very critical clue.
There are also a few examples of what some companies are doing to effectively prevent cybercrime. First of all, Gilbert said the companies that are most effective at preventing cybercrime are vigilant. Also, they make cybersecurity a priority in the organization, rather than an after-thought. And lastly, they educate everyone from IT and IS staff, to employees, board members, service providers, contractors, temporary employees, etc.
Gilbert shared some keen advice on how companies today can create and prepare management teams to better handle cyberattack crises.
“Start at the top; get buy in from the Board,” she said. “Make sure that the Board understands the issues and the ubiquitous risks for the company. And, set aside a budget; good enterprise security programs take time and money to build and to maintain.”