June Edition 2021

48 1. Review the Company’s Cyber Policies and Incident Response Plan 2. Review Cyber Insurance and Ransom Coverage. 3. Evaluate Wire Transfer Protocols; The time to figure out the company’s response and who is in charge of what aspects is not in the midst of a crisis. Have a written plan that sets forth exactly what role each employee will have in the event of a breach, including involving legal counsel early in the process to preserve attorney-client privilege over the investigation. If you haven’t reviewed your company’s cyberinsurance policy in the last couple of years, now is the time to do it. Policies have changed considerably. Be sure that your policy covers ransom and that the level of the policy is adequate to meet the increased amount of ransom demands. With business email compromise incidents on the rise, be sure that anyone at the company in a position to wire funds or make payments is attuned to phishing emails and cyber fraud. Wiring payments should never be changed based upon an email. Follow up by calling the vendor’s contact with the contact information in the system (not what is shown on the emailed invoice) should be verified before payments are made. For large amounts, wire $1 first and then call to verify it went to the right recipient before wiring the rest of the payment.