Top 3 Actions Every Middle Market Executive Must Take on Cyber Incident Response

Over the last several weeks, as summer wrapped up and our kids went back to school, I’ve been talking with a great bunch of middle market executives in the greater Seattle area. These folks fit the profile of our potential customers: They’re cyber risk managers. But, rather than selling to them, I’ve been doing research to learn more about their cybersecurity needs.

Credit: Horseshoe Bay Resort


Some subjects come up a lot, like cyber-insurance. And the large number of ransomware attacks. And emails trying to get someone in finance to move a ton of cash on short notice to a dark corner of our planet.

Every now and again I hear about a really meaty issue, like whether to turn on full or partial encryption for production databases. Yet some things I expect (hope?) will come up just don’t.

Like cyber incident response. (Although, a couple executives have mentioned Yahoo’s all-time record-breaking 500 million user account compromise.)

So, I’ve taken it upon myself to answer the question never asked: “Kip, what are the top 3 things I should do at my level to prepare for the big cybersecurity breach I hope will never come?”

Glad you asked!

  1. Believe it or not, early detection of a data breach saves you money. The longer it takes to discover a breach, the more it costs to deal with. (Just ask Yahoo, who’s in the middle of being acquired.) So your first step is to ask your management team: “How good are we at detecting data breaches?” If anyone answers “Great!” ask them to walk you through how they do it. Right now, very few of us are great at it. But this will give you some idea of where you are.
  2. Cybersecurity breaches are packed with a lot of potential liability issues. To reduce your risk, all types of non-routine cybersecurity events that involve people outside your organization should be discussed under attorney/client privilege. So your next step is to have a conversation with an outside attorney who specializes in cybersecurity and ask them for guidance.
  3. Unfortunately, most companies find out they’ve suffered a data breach from law enforcement, the news media, or a customer. Ouch! The only thing worse than battling a data breach is when someone else fires the starting gun! Maybe that’s why Yahoo sat on their 2014 data breach for two years before telling anyone about it. So your last step is to ask your head of public relations if they’re ready right now to manage a data breach that spins out of control before you’ve even had a chance to understand what happened.

What’s on your top 3 list?
