In April, Corporate Secretary suggested ways corporations can protect their data. However, in the wake of the recent security breaches at Sony, Epsilon, NASA and Citi, the outlook for information security on the internet has turned decidedly grey.
’80 per cent of organisations suffered network breaches in the past 12 months,’ says Melissa Krasnow, a corporate partner with global business law firm Dorsey & Whitney’. ‘[Smaller] breaches, in addition to these high-profile ones, are occurring frequently.’
You may not realise it now, but security breaches can happen at anytime.
According to ‘Perceptions About Network Security’, a survey released in June that tracked security breaches in the US, the UK, France and Germany, roughly 90 per cent of the 583 companies polled claim that they’ve experienced a network security breach by hackers at least once in the past year. The survey also suggests these attacks can be costly as 41 per cent of respondents say their company spent $500,000 or more to repair the damage incurred.
Krasnow, who is also a Certified Information Privacy Professional, provides a few practical steps corporate secretaries should follow in order to respond to a data breach:
(i) Be cognisant of the types of personal data covered by 46 state data breach notification laws, including social security numbers, which could belong to a shareholder, board member, employee or customer.
(ii) Determine whether your company has procedures in place for responding to a possible data breach and help make sure those procedures are complied with on a regular basis.
(iii) Carefully think through all communication about the data incident or breach, by taking into account SEC and related disclosure requirements, and coordinating with your company’s privacy office, information technology, internal and external public relations professionals, the legal department and outside counsel.
(iv) Consider cyber-insurance coverage; your company’s insurance broker can provide more information. This can help ease insecurities that may arise.
(v) After a data incident or breach, review company policies, procedures and practices to determine whether any changes are warranted.
The report, conducted by Ponemon Research and sponsored by equipment and software firm Juniper Networks, calculates the threats companies face in protecting themselves from these unlawful intrusions.
Not surprisingly, 59 per cent of the surveyed companies — which range from organisations with less than 500 employees to those with more than 75,000 — experienced two or more breaches within the last year.
As cyber crimes continue to escalate, it’s important for corporations to learn important lessons before hackers penetrate deep into their data system and silently steal information – at anytime.
[Article by Aarti Maharaj, Corporate Secretary]