Pay now without Registration/logging in!
*Disability Liability policies are not yet supported
Topics: Agent Resources AmTrust News Cyber Liability
Summary: Falling victim to a data breach is a stressful, costly situation for businesses of all sizes. In this article, we'll focus on how to respond to a cyber attack and what to do after a data breach. Download PDF Version
If you have cyber insurance, your provider may offer in-house expertise and services specifically tailored to enhance the cyber response and defenses. When a cyber event happens, your insurance company may have experts who walk you through the proper response steps. AmTrustCyber has a 24/7 response team ready to help our insureds defend against and recover from cyber threats to their business. If your business is the victim of a data breach and you're wondering how to respond, consider the following steps to help minimize the damage:
You should change all affected or vulnerable passwords immediately. Use a password manager and create new, strong passwords for each account, and refrain from reusing the same passwords on multiple accounts. That way, if a data breach happens again in the future, the damage may be limited.
If you are one victim of a broader attack that's affected multiple businesses, follow updates from trusted sources charged with monitoring the situation to make sure you know what to do next. Whether you're part of a broader attack or the sole victim, you'll also need to determine the cause of the breach within your specific facility so you can work to help prevent the same kind of attack from happening again. Ask yourself:
You may be able to pinpoint how the breach was initiated by checking your security data logs through your firewall or email providers, your antivirus program, or your Intrusion Detection System. If you have difficulty determining the source and scope of the breach, consider hiring a qualified cyber investigator - it may be worth the investment to help protect yourself moving forward.
Identify those affected by the cyber breach
You'll also need to find out who may have been affected by the breach, including employees, customers, and third-party vendors. Assess how severe the data breach was by determining what information was accessed or targeted, such as birthdays, mailing addresses, email accounts and credit card numbers.
Educate your staff about data breach protocols
Your employees should be aware of your business's policies regarding data breaches. After discovering the cause of the breach, adjust and communicate your security protocols to help ensure the same type of incident doesn't occur again. Consider restricting your employees' access to data based on their job roles. You should also regularly train your employees about how to prepare for a data breach or avoid a data breach in the first place.
Notify managers and employees of the breach
Communicate with your staff to let them know what happened. Define clear authorisations for team members to communication on the issue both internally and externally. Remaining on the same page with your team is crucial while your business is recovering from a data breach. You may need to consult with legal counsel to figure out the best way to let your customers know about the breach.
If you have cyber insurance, notify your carrier
Cyber insurance is designed to help you recover from a data breach or cyber attack. Contact your carrier as soon as possible to see how they can help assist you with what to do after a cyber attack. If you don't have a cyber liability insurance policy, AmTrust's appointed agents can assist you in the process of selecting cyber liability coverage that could help with costs associated with addressing future cyber incidents as well as identifying potential cyber exposures.
Emphasize your willingness to be transparent with your customers by considering a special action hotline specifically to address questions from affected individuals. Communication can be key to maintaining positive, professional relationships with your patrons. A data breach can be stressful, but as long as you take the right steps, your business will be better prepared to recover successfully. Moving forward, conduct frequent security checks to help reduce the likelihood of an incident occurring again in the future.
Ensure your businesses takes time to review and update information security policies, business continuity plans, and data breach response plans and regularly communicates with employees about them.
If you discover you are the victim of a fraudulent incident:
AmTrust provides cyber insurance for small businesses to protect them in the event of a data breach or any type of cyber incident. For more information about cyber liability coverage, please contact us today. This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors. Coverages may vary by location. Contact your local RSM for more information.