In these dark days of war in Eastern Europe, it is sad to say that the risk of cyberattacks is heightened. It is important to remain vigilant and to ensure all necessary proactive steps are taken to protect data, including:
- Revisit your risk profile and, if you are a processor holding personal data for other organisations, their risk profile. In this current crisis some organisations might see the likelihood of a cyberattack increasing due to the type of personal data they hold, or the type of business they do.
- Assess if the protections you are affording to critical personal data and business continuity are in line with data protection and NIST obligations, if applicable.
- Review your security incident procedure to ensure it is fit for purpose and in line with your updated risk profile.
- Ensure adequate levels of cyber insurance are in place.
- Consider backup and business continuity arrangements in the event of loss of power or ransomware attack.
- Ensure arrangements with third parties who may be called upon to support on a breach (outside counsel, PR, customer support) are in place.
- If you are a processor, liaise with clients whose risk profile is likely to be affected to discuss any additional protective needs.
Please get in touch with HewardMills if you would like to discuss any of the points raised in this article. We have the skills and experience to support you.