Knowledge

Welcome to the Knowledge Portal. You can browse, search or filter our publications, seminars and webinars, multimedia and collections of curated content from across our global network. Create an account and set your email alert preferences to receive the content relevant to you and your business, at your chosen frequency.

28 juni 2021 Crisis Management - Cyber Security

5 Steps You Can Take Today to Improve Your Organization’s Cybersecurity Preparedness

Critical Cybersecurity Elements: Ensure that your organization is aware of changing regulatory attitudes to the most critical cybersecurity elements (e.g. multi-factor authentication, endpoint detection and response, encryption and vulnerability patching) and has implemented them in line with an informed and agreed risk appetite.
Audit: Understand what internal and external audit reports say about your organization’s security posture, including when benchmarked against peers. If you have implemented the critical cybersecurity elements, use audit to ensure that the implementation is truly across-the-board, as this is often not the case. Hackers hunt for vulnerabilities and seize upon them.
Tabletop Exercises: By now you should have a clear incident response plan for cyber incidents, including a clear communications and decision-making framework. But if the executives have not been through a simulation in which the company is taken through an incident, the plan may not be helpful or realistic. Plan a session in which the Board/C-Suite (and those advising them) participate in a tabletop exercise. Ask the hard questions, like who signs off on whether to pay a ransom or not.
Incident Response Partners: To respond to a cybersecurity incident, you’ll need a technical incident response vendor (not your IT vendor), a law firm familiar with incident response, a public relations firm, perhaps a ransomware negotiation firm, and perhaps a client notification firm. Picking these firms and negotiating contracts with each of these takes time, and spending that time before a crisis arises is highly recommended.
Legal and Regulatory: Invariably, a breach involves notification to third parties and regulators. Although most organizations will not undertake a proactive, drains-up approach to cataloging 100% of their notification requirements, it makes sense to understand key obligations and how you would approach them in practice. Now is the time to understand your regulatory, contractual and other notification responsibilities and priorities.

Download the PDF

Our lawyers are enthusiastic, committed people who relish the challenges and opportunities that they encounter every day.

Search for a lawyer by name or use one of the filters.

Our business team members are enthusiastic, committed people who relish the challenges and opportunities that they encounter every day.

Search for a business team member by name or use one of the filters.

5 Steps You Can Take Today to Improve Your Organization’s Cybersecurity Preparedness

Kontakt

Related Content

Our lawyers are enthusiastic, committed people who relish the challenges and opportunities that they encounter every day.

Search for a lawyer by name or use one of the filters.

Our business team members are enthusiastic, committed people who relish the challenges and opportunities that they encounter every day.

Search for a business team member by name or use one of the filters.

5 Steps You Can Take Today to Improve Your Organization’s Cybersecurity Preparedness

Kontakt

Related Content

You will need to log in or register to view the content

Register

Reset password

Log in