The trend is clearly growing: Cyber threats. Security hacking. Data breaches. Attacks among corporate competitors, political gamesmanship, massive information leaks. As technology continues to evolve rapidly, opportunities to infiltrate evolve along with it.
According to the Pew Research Center: “A majority of Americans (64%) have personally experienced a major data breach, and relatively large shares of the public lack trust in key institutions to protect their personal information.”
For years many of us have trusted sensitive information (business and personal) to countless entities – Google, Facebook, Apple, virtually any online retailer or provider. Meanwhile, Wikipedia’s “List of cyber-attacks” is deep and wide: the U.S. government, Visa, MasterCard, Sony, Yahoo, Adobe, LivingSocial, Subway, Home Depot, many more.
Today we’re hearing more frequently from small- and mid-size businesses dealing with breaches, potential breaches, and other digital security issues. One incident can destroy a small business (and worse). A study by Small Business Trends says close to half of cyber attacks target small business, and more than half of small companies go out of business within six months of a cyber attack.
Fortunately, a new breed of Tampa Bay area cyber professionals is emerging to help local businesses with growing and changing needs. One we’ve had the pleasure of working with is attorney Frank Santini with Trenam Law, which recently announced the launch of its Cybersecurity Practice.
The Trenam Cybersecurity team assists clients with the range of legal and business considerations related to data security, developing cyber breach prevention plans and counseling in the event of a breach. The law firm also works with technical specialists, communication professionals, and insurance providers to tailor comprehensive services.
Santini worked with us to pull together some starter tips and considerations for businesses to build some protection against cyber threats:
1) Prepare Ahead. Preliminary measures save costs and hassle. This might include conducting a thorough audit on pre-breach security, self-governance through strictly enforced policies and procedures, and insurance assessment – then crafting preliminary plans and response strategies. As part of this preliminary planning, a few examples of precautionary action items could include:
- Help staff brush up on strategies for safer passwords.
- Explore/consider cyber security insurance.
- Maybe set up a virtual private network.
2) Know What’s Required. Communicate with audiences promptly and clearly. Different fields and industries require different responses and mandatory breach notifications. Identify who all needs to be informed of what – from affected individuals to law enforcement and your insurer.
3) Designate Crisis Manager(s). Identify roles, per crisis scenarios, not limited to: central-point-of-contact, planner, manager, communicator, and final decision-maker. When Santini serves as crisis manager he wears many hats – defending in litigation and regulatory proceedings, coordinating technical remediation, facilitating forensic investigations, and advising on public relations efforts.
4) Don’t Stop at Legal Compliance. In a constantly changing world of cybersecurity, understand that federal or state laws may not evolve as rapidly as emerging threats. Be mindful of who has access to what information, and what you and your staff and representatives share via social media and other digital platforms. Ensure greater protections by researching and implementing best practices for your business sector. This might involve proactively designing protocols for data security, sharing and use of data, e-discovery readiness, and/or records retention.
5) Monitor and Adapt. Regularly review and revise internal policies to adjust to new technologies and practices, from changes in your operations to trends in your industry.
About Frank Santini:
Frank Santini is an attorney with Trenam Law. He concentrates his practice in the areas of cybersecurity, commercial litigation, and personal injury. Frank’s cybersecurity practice focuses on working with small and medium-sized businesses in cybersecurity compliance and litigation avoidance. Frank approaches his cybersecurity practice holistically, endeavoring to work in tandem with cybersecurity forensic experts, insurers, public relations and c-level executives to minimize any damage that may be caused by a data breach. Frank also assists businesses seeking a proactive approach to cybersecurity and interpreting the ever-changing cybersecurity laws, regulations, and business-sector-based standards, including drafting policies and procedures.
Among his involvements, Santini is a member of the Florida Chapter of InfraGard – a nonprofit partnership between the FBI and the private sector dedicated to the protection of critical infrastructure against cybersecurity threats. For more information: www.Trenam.com.