2. Prepare your incident response team. Practice is key. If the chief decision-makers have never met before a data breach occurs, the response may not be executed with the highest degree of confidence. 3. Save money by learning how to “speak” insurance. Understanding the intricacies of insurance can mean money in your pocket in the event of a disaster. Learning what the insurance companies require and getting the proper coverage will save time and money. 4. Remain calm. Measure your response. Shutting down operations is often drastic and unnecessary. Determine what really happened before making any decisions or talking to third parties. You want to ensure that your entity is the true source of the data leakage before you respond. 5. Be careful when using the term“data breach.” “Data breach” has a very significant legal meaning that requires immediate action and implicates various reporting requirements. Consider using the term “incident” or “event” until the breach is confirmed. 6. Logistics are key. As General Omar Bradley famously said, “Amateurs talk strategy. Professionals study logistics.” Many cybersecurity issues businesses deal with today can be avoided with early planning, and logistics are the most important part of preparation. 7. Attorney-client privilege does not always apply. Information communicated with outside professionals may fall under attorney-client privilege if attorneys hire them as consultants to the case. However, information disclosed to law enforcement or perhaps even an insurance carrier is likely not privileged. 8. Encrypt your data. A bank’s data is one of its most important assets. It is critical to encrypt your data using a strong encryption algorithm such as Advanced Encryption Standard (AES) and protect the decryption keys. In the event of a security breach, your data will be inaccessible without the associated decryption keys. From the relatively expected ransomware and phishing attacks to complex distributed denial of services (DDoS) and supply chain attacks, banks and other financial institutions are facing more cybersecurity challenges than ever. By creating a risk plan ahead of time, building a solid response team, and anticipating various types of attacks, financial institutions can mitigate risk and prevent the worst of cyberattacks. ■ “Many cybersecurity issues businesses deal with today can be avoided with early planning, and logistics are the most important part of preparation.” “Cyber issues affect everyone. Create a disaster recovery plan to help avoid data loss and minimize business downtime in the event of a security breach.” December 2022 | 9
RkJQdWJsaXNoZXIy ODQxMjUw