As information about the recent data breach at the Louisiana Office of Motor Vehicles (“OMV”) continues to develop, it is important to take this opportunity to identify, or establish, data safety measures to protect you and your company as well as your customers from having their information exposed in a similar way.
The information of millions of Louisianians was recently compromised by the cyberattack, and there is now evidence that the United States Department of Energy and Office of Personnel Management were affected as well.
Although you may think that your company is an unlikely target for hackers like the ones who targeted the MOVEit Transfer system that was the subject of the attack on OMV and other entities, it is important to remember that your company is not just a communications company, construction company, or energy company. Although your primary trade may involve drilling in the Gulf or increasing the profile of the Houston skyline or building residences, you also deal in sensitive information for your company, your employees, and your customers.
Odds are good that your bank account information is stored electronically, and odds are also good that a hacker would love access to your accounts. You also likely have your employees’ Social Security Numbers, dates of birth, addresses, bank account information, and other personal information stored in a similar way. Your customers have likely provided your company with their bank account information as well for payment purposes, and you likely have several other pieces of information from them that a hacker can put together to cause them a great deal of grief.
Again, this is an opportunity to identify or establish data safety measures to protect these pieces of information as well as they can be protected.
Here are four key points to make sure you consider as you shore up your company’s data protection measures.
Although hackers are a serious concern, data protection policies also need to account for inadvertent disclosure of sensitive information as well as physical actions that can cause the exposure of sensitive information. Communicate with your employees, and make sure that they are aware that they are integral in protecting their company, their customers, and themselves from the threats of inadvertent or intentional disclosure of sensitive information.
Information technology is commonly understood to be the technology used to create and store information, and that storage can be onsite or remote. It is important for each person in your company to know what resources the company has for creating and storing information and how to respond if they think that the information is at risk.
This can be as simple as making sure that your employees know who in your company to bring concerns to, but it should be a dedicated team effort that brings together individuals with expertise in information technology, data security, compliance requirements, and legal issues.
Your plan needs to effectively and honestly communicate the developments with all affected audiences. Every detail that you provide to the affected parties may be key in helping them protect themselves. These details include the timing of the breach as well as what information was compromised. Your plan should also account for the likelihood that an affected party’s email account will be compromised. As such, you should consider using letters and phone calls to provide notice as well. Your communication plan should include designating a specific person who will have the most up-to-date information about the issues and having that person be responsible for disseminating information and responding to inquiries.
Your plan should address how you notify and cooperate with the appropriate local, state, and federal law enforcement agencies as well as your insurance carrier and legal counsel. This will allow them to initiate their investigations and to assist you with your response.
If you would like to learn more about how you and your company can minimize the risk of a data breach and strengthen your response to one, please contact Gordon Arata. Our team stands ready to assist you.