Security breaches have become more and more common. While companies are struggling how to protect and manage their digital information in the cloud, the International Chamber of Commerce turned to Ethan for best practices in its Commercial Crime International’s October 2016 issue. Therein, Ethan provides insight into how companies should be managing their digital information:
Commercial Crime International – October 2016
“Ethan Wall, a Florida-based social media risk lawyer, stressed to CCI that there is a risk a cloud server could be damaged, or a device connected to the cloud stolen or hacked and result in compromised information. As a result, even cloud-using companies need to have both proactive and detective safety measures, as well as a reactive contingency plan in case their cloud service is compromised, he recommends.
* * *
Wall recommends companies using IT and holding significant volumes of data purchase cyber security liability insurance, saying that “there are many legal issues that can arise in the event of a server breach if there is confidential or customer information contained on those servers. If there is a breach, there are certain types of insurance coverage that can be purchased to guard against those types of risks.”
* * *
In terms of reactive safety measures, Wall says that it is good practice to assume a worst case scenario and devise a quick and calculated response plan to hacks or virus attacks, whether they emerge from a cloud or in-house servers.
“There should be procedures in place as part of a company’s cloud based policy that say employees need to notify human resource or IT professionals immediately on first belief information has been compromised. If a device that’s connected to the cloud has been stolen, for example, human resources or your IT person should be able to remotely shut down that particular device or limit access from that person’s username and password to the cloud. If hacked, authorities should be notified and there should be a plan to deploy certain cyber defense strategies to contain the breach,” he said.
“From a proactive standpoint, if a company owns their own servers, it is best practice to have the servers stored in two different locations, so if, for any reason, the server in one location is compromised or damaged, the company is not offline. It’s also a good idea for companies to consider storing their own servers in bunkers,” he advises.