In a world already exhausted by the unrelenting pandemic, the holiday season offers the promise of a reprieve for some. Unfortunately, the holiday season is also a time when cyber criminals are particularly active as most people try to unplug and take some well-deserved breaks from work.
To add fuel to the fire, the number and costs of attacks are increasing significantly:
- The number of known cyber-attacks increased by 151% in the first six months of 2021, and the average cost for a data breach was $6.35 million per breach
- A settlement of over $200 million was recently confirmed for the data breaches involving Desjardin
Given the significance of attacks, organizations must take action to mitigate the risks and impact of a successful attack.
Here are some quick reminders of the key steps organizations can take:
- Assess: If your organization has not recently worked with a qualified cybersecurity firm to conduct an assessment of your infrastructure for gaps, now is the time. Cyber criminals scan for vulnerabilities and a weak system puts you at a high risk of attack. An assessment can help you understand your vulnerabilities and how to address them.
- Train: People are our strongest asset but are also often our weakest link when it comes to cybersecurity. Everyone plays a role and needs to clearly understand the risks and what they can do, and they need to be reminded regularly.
- Back up: It is critical to have an appropriate back-up plan in place. Your back-up should be regular, replicated, and off-site. Assuming you have an appropriate plan in place is not enough – ensure that your critical information is backed up appropriately.
- Insure: The financial impact of an attack can be devastating. Make sure you have appropriate cyber insurance coverage in place.
- Plan: No matter what, you cannot eliminate the risk of an attack. Prepare in advance by making an incident response plan and practice so you’re ready.
There are a number of guides and checklists available to help organizations protect themselves against cyber-attacks — the Canadian Cyber Security Centre is a good place to start.
Read our 10 Steps to Prepare Your Organization for a Ransomware Attack blog for more information.
Organizations may wish to work with experienced legal counsel and information technology professionals to aid them with any of the foregoing steps. We have assisted many organizations with developing and implementing their programs and can help you respond to ransomware and other cyberattacks and breaches. Please contact our privacy and cybersecurity team for assistance with reviewing your organization’s cybersecurity program or responding to cybersecurity incidents.
Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.