First, be sure to read up on the most common kinds of cyberattacks, and check out six things your business can do to prepare, with expert advice from Susan Giffard, Director of Treasury Management & Government Banking at Camden National Bank, Rob Simopoulos, Co-Founder of Launch Security, and Tony Perkins, Attorney and Chief Information Security Officer at Bernstein Shur.
What can you do if a breach happens at your business?
Despite the best preparation, a breach may still occur. Tony Perkins shares that laws vary by state, but currently, 48 of the 50 states have data breach notification laws, and each is somewhat different. In general, state laws dictate what needs to happen in various industries in order to avoid liability for a failure to alert customers, clients, and/or employees of a suspected data breach.
In addition to following your state laws, Tony Perkins recommends several strategic steps in the event of a suspected data breach:
- Technical assessment of what occurred and steps to prevent further breach or harm
- Appropriate team of responders – outside IT professional, attorney, C-level staff
- Evaluate data breach notification statutes – you may need to comply with more than one state statute based on residence of customers and employees impacted
- Appropriate notice to insurance carrier
- Action plan based on findings, including potential notice to parties impacted
- Potential notice to governmental officials or agencies depending on statutory requirements
- Documentation of all steps taken and maintenance of records of all technical findings, notices and communications
However, remember that one size doesn’t necessarily fit all in the event of a breach. It is important to have your business’s plan in place before an attack happens so that your team is ready to take the right steps for your company, employees, and customers. It’s also important to establish ongoing evaluations of all aspects of your data technologies, service provider contracts, insurance coverages, and employee training. Tony recommends repeating these evaluations on a regular basis to stay on top of best practices and legal requirements.
If funds are transferred to a fraudulent account, it’s important to act quickly. Susan Giffard recommends that you contact your financial institution immediately. They may be able to contact the corresponding financial institution where the fraudulent transfer was sent. You can also contact your local Federal Bureau of Investigation (FBI) office if the wire was recent. The FBI, working with the United States Department of Treasury Financial Crimes Enforcement Network, might be able to help return or freeze the funds. Regardless of the dollar loss, you can also file a complaint with the FBI’s Internet Crime Complaint Center (IC3). The IC3 reviews and researches complaints and distributes information, as appropriate and applicable, to law enforcement or regulatory agencies with jurisdiction.
October was National Cyber Security Awareness Month, and Camden National Bank partnered with Launch Security and Bernstein Shur to offer expert advice on managing fraud and cybersecurity for local businesses. For more information and advice, please reach out to our panelists:
Susan Giffard, Director of Treasury Management & Government Banking at Camden National Bank
Rob Simopoulos, Co-Founder of Launch Security
Tony Perkins, Attorney and Chief Information Security Officer at Bernstein Shur