Posted In: Cybersecurity & Data Privacy
on June 23, 2021
According to a joint study by Willis Towers Watson PLC and Clyde & Co. LLP, company directors believe the biggest corporate risks are cyberattacks and data loss issues.[1] Cyberattacks ranked at the top of the five risks named in the study that surveyed directors working across the globe, including in the U.K., Europe, the U.S., and Asia-Pacific.
Why Cyberattacks and Data Loss Are the Largest Threats
Cyberattacks and data loss have become increasingly prevalent due to pandemic-induced changes to working environments, so it comes as no surprise that 56% of the director-respondents in the survey rated cyberattacks as a very significant or extremely significant risk.[2] Data loss is listed as the second biggest risk to businesses, with 49% of the director-respondents identifying this issue as a very significant or extremely significant risk.[3] The remaining items in the top five risks to businesses identified in the study are regulatory risks, health and safety prosecutions, and the risks of employment claims.
Online attacks and data loss have been listed in the top three risks of this annual study since 2016; however, 2021 is the first year that fears of cyberattacks claimed the top spot on the list. This rise to number one is due in large part to the increase in cybercrime and the severe consequences for companies and their executives that fall victim to such attacks or mishandle consumer data. Additionally, the COVID-19 pandemic has created the ideal landscape for cybercriminals seeking to exploit the weaknesses of organizations adjusting to new procedures and systems, such as remote working arrangements.
The results of this study demonstrate the need for businesses to secure their technology. Organizations should be extremely cautious about the threat of cybercrime and exercise heightened levels of vigilance in this current climate centered around telecommuting and virtually-driven engagements. Supervisory authorities around the world are closely monitoring how businesses safeguard their computer systems and the private consumer information they hold. Businesses that ignore their obligations to protect the consumer information they process and those that fail to implement appropriate privacy policies, procedures, and cybersecurity measures run the risk of being attacked by cybercriminals and incurring financial losses resulting from regulatory penalties and hefty privacy breach lawsuits.
Ensure Privacy Compliance and Protect Your Organization From Cyberattacks
As companies navigate our new virtual-centric business landscape and become more committed to remote workforces, they must also find ways to address their increasing exposure to cyber risks. To mitigate this risk, organizations should consider some of these standard practices:
- Data Back-Up. Backing up data is one of the most cost-effective ways of making sure your data is recoverable in the event of a cyberattack.
- Secure Your Network. Operating systems and security software should be updated regularly to fix security flaws. Firewalls should also be used to act as a gatekeeper for all incoming and outgoing traffic.
- Monitor Your System. You should keep a record of all your equipment and how each device processes data. Sensitive information should be removed from any device or software that is no longer in use, and these devices should be disconnected from your network. Older and unused equipment that is not updated could serve as a backdoor for cybercriminals to infiltrate your network.
- Encrypt Data. Encryption converts data into an unreadable, coded form before it is transmitted over the internet, so that only parties holding the correct key can read it. Thus, businesses need to activate network and data encryption when storing and sharing consumer information.
- Cybersecurity Training. Employees are oftentimes the most vulnerable pieces within an employer’s network. Thus, it is crucial to educate your employees on how to identify, avoid, and respond to cyber threats.
- Use Multi-Factor Authentication. This verification process requires each user to prove their identity by two or more methods before they are granted access to their accounts on your systems.
- Implement Privacy/Security Policies. Your organization should have clear cybersecurity and privacy policies in place to guide employees on what is acceptable when processing data and using equipment. These policies also serve to inform consumers about how you process their personal information, which will most likely help your organization become compliant with applicable privacy laws.
- Ensure Customer Protection. As consumer data and privacy rights become more important, businesses must provide secure online environments where transactions can take place and private client information is not at risk of being compromised or leaked.
- Consider Cyber-Insurance. An adequate cyber-insurance policy can cover any financial losses resulting from cyberattacks. Cyber coverage can also insure your business against claims made by individuals or groups that may have been harmed because of your organization’s action or inaction.
If organizations fail to adapt to the current climate and cyber-related trends, cybercrime will continue to evolve, and cybercriminals will take advantage of vulnerabilities in your computer network.
How Brouse Can Help
No organization can eliminate all risks involving cyberattacks and data loss. However, certain policies, practices, and procedures can be implemented to significantly reduce your organization’s exposure to such risks. Brouse McDowell’s Cybersecurity and Data Privacy team can provide the guidance and tools you need to defend against cyberattacks and protect consumer information. Our cybersecurity team offers a variety of data privacy and cybersecurity services, including pre-breach and cybersecurity planning, cybersecurity and data privacy transactional services, data regulatory compliance services, breach response and disclosure obligation services, cyber liability insurance review, and any related litigation issues regarding cybersecurity and data breaches (investigation, defense, insurance recovery and response). Please contact us for more information and to learn how we can partner with you.
This blog is intended to provide information generally and to identify general legal requirements. It is not intended as a form of, or as a substitute for legal advice. Such advice should always come from in-house or retained counsel. Moreover, if this Blog in any way seems to contradict advice of counsel, counsel's opinion should control over anything written herein. No attorney client relationship is created or implied by this Blog. © 2024 Brouse McDowell. All rights reserved.