Rancho Mesa's Alyssa Burley and Vice President of the Human Services Group Sam Brown discuss what organizations should do if they’ve had a data breach.

Show Notes: ⁠Subscribe to Rancho Mesa's Newsletter⁠

Director/Host: ⁠Alyssa Burley⁠

Guest: ⁠Sam Brown⁠

Producer/Editor: ⁠Megan Lockhart⁠

Music: "Home" by JHS Pedals, “News Room News” by Spence

Transcript

[Introduction Music]

Alyssa Burley: Hi, this is Alyssa Burley with Rancho Mesa's Media Communications and Client Services Department. Thank you for listening to today's top Rancho Mesa News, brought to you by our Safety and Risk Management Network, StudioOne™.

Welcome back, everyone. My guest is Sam Brown, vice president of the Human Services Group with Rancho Mesa. Today, we're going to talk about what organizations should do immediately after they discover they've had a data breach, and we're talking cybercrimes. Sam, welcome to the show.

Sam Brown: Thanks for inviting me in today. This will be good.

AB: Of course. So we just did an episode on the podcast recapping our popular workshop, Cyber Liability explained: Hacking Trends for 2023, presented by Beau Bechelli from Evolve MGA. And I recommend listeners go back and listen to episode 328, where we highlight some of the key information that he shared.

Things like the cost of cyber attacks, the most common types of attacks, and practical ways to help reduce the threat of a breach. So, I'm really glad that we're going to talk in depth about this today and what to do if it happens to your organization. It can be very stressful and you'll likely feel helpless when this happens.

So what's the first thing someone should do when they realize their data has been compromised?

SB: The first thing that I would recommend the affected party do is call their insurance agent, and the insurance agent is going to advise whether they have cyber liability coverage policy itself or not. If they can't get a hold of anybody at the agency, which hopefully wouldn't happen, but you never know.

I would say refer to your cyber insurance policy and call the claim hotline that you see there right away.

AB: Alright. So after they let their insurance agent know, what's the next thing that the organization should do when they've had a data breach?

SB: So the Federal Trade Commission offers a really helpful guide, and so that's really guiding my responses to your questions today. It was really educational for me to look through this guide, and the first thing it recommends is securing operations. So, that may have a few steps that are going to be applicable. So, for any physical areas that need to be secured, you may want to put on new locks or establish new access codes. You definitely want to take all affected equipment offline immediately. Basically, stop the bleeding here. Don't let one breach turn into multiple breaches and you want to remove improperly posted information from your organization's website. So if the threat actor, which is what we call the cyber criminals, takes the information out and thinks they're being funny and puts the information all over your website, you want to take that down immediately assuming you still have control of your website. And then you also want to do an Internet search and look for sensitive information that may have been exposed just out there on the web and try to contact those websites and ask them to remove it.

AB: Yeah, those are all really good suggestions and it's something that we don't think about often, you know, actually securing the physical location because it could be caused by someone who's actually in your office. So, you know, change those physical locks and things like that and obviously take those computers offline.

Alright. So, we know that we need to cut off access to the network both digitally and physically, as soon as possible to prevent further harm. So I know this suggestion doesn't really help if the data breach has already happened, but turning off your computers at the end of the workday can help prevent a cyber criminal from accessing your computer after hours and then having the entire night to do whatever harm they want to without anyone really noticing.

So, if that is not a policy for your organization, it might be a good policy to implement. So everyone knows to turn off their computers at night.

SB: Right. And I know we have that policy here at Rancho Mesa, and I know that I get my hand slapped periodically if I forget. So it is one we try to adhere to very closely.

AB: Yes, it is. So, Sam, what should happen next if an organization finds themselves in this situation?

SB: So the next step would be to address the vulnerabilities that were compromised. So, that may include contacting the organization’s service providers, especially if that service provider was somehow involved, then we want to make sure that they're aware of it and that if there's any key information or sensitive information that they have that belongs to us, the affected organization, then we may need to change their access to that information right away.

We also want to determine if the breach is contained and then assess the status of our backup data. So that would be a really key piece during this process to understand if that backup data is still valid. And then lastly, begin any corrective measures as soon as possible. Do not do not delay that step.

AB: Alright. So now that we've contacted the insurance agent, secured operations, and addressed vulnerabilities, what does the organization need to do next?

SB: So that would be notifying the appropriate parties. That may include law enforcement, other affected businesses, and affected individuals. What's important to note here is that if there is cyber liability insurance and you have that policy and coverage is triggered, the insurance company is going to play a really key part in this process.

They're going to make sure that you are compliant with state and federal laws and they're going to pay for those notifications. So, I want to say that so that no one incurs those costs on their own without the insurance company’s involvement.

AB: Yeah. And this is the part that seems so daunting contacting law enforcement and vendors that might be affected, customers and employees. So many people need to be notified when there is a breach. And I think it's at this point that organizations are relieved when they realize, oh, we do have cyber insurance. It's not all on us. You know, they can really rely on the expertise of, you know, the legal counsel that's provided to them by the carrier. I think that's really important to remember.

So, if listeners want to learn more, we'll have a link to view our Cyber Liability Workshop video in the episode notes for this episode, and it's available also on our Rancho Mesa website under the workshops and webinars page. So please listeners, take advantage of that. It is a really good workshop to listen to. Are there any other resources that you think our clients or our listeners might find useful?

SB: Yeah, I would say that if you have purchased a cyber liability policy, those insurers are offering more and more resources to help their policies avoid a claim altogether. Many of those resources are free. Some are at a discounted price, but they obviously want to throw every resource they can to help ever having to pay out on a claim, which means just avoid the claim altogether, as well as the guide that I mentioned on the Federal Trade Commission's website is really helpful and goes into greater detail than we cover today.

AB: Alright. And I think that we can put a link to that guide in the episode notes as well. So, Sam, if listeners have questions about their cyber liability, what's the best way to get in touch with you?

[Closing Music]

SB: I can be reached at (619)937-0175 or sbrown@ranchomesa.com.

AB: Alright. Well, Sam, thanks for joining me in StudioOne.

SB: Thanks for having me.

AB: This is Alyssa Burley with Rancho Mesa. Thanks for tuning into our latest episode produced by StudioOne. For more information, visit us at ranchomesa.com and subscribe to our weekly newsletter.