June Edition 2021

50 7. Assess Need for Threat Hunt; 8. Robust employee training/education After any significant data security incident, companies should consider bringing in a third party forensic firm to do a “threat hunt” to ferret out any threats within the system. Many companies treated the migration to a work from home environment as an incident and took this step. The migration back into the office may cause an uptick in attacks as well as hackers try to profit from workforce disruption of any type. Attackers have moved to more sophisticated human engineering methods (i.e., spear phishing/ spoofing emails, Office 365 Robust employee training/education. With phishing emails up more than 35 times once Covid hit, educating employees on these methods and to be on high alert for them, including senior management and IT professionals, is more important than ever. 9. Review SEC Disclosures in Light of Recent Activity; If your company disclosures and risk factors speak only of a hypothetical threat, assess whether to update those if you have had a actual incident. Indeed, you may want to update them in any event even if you haven’t had a material event, just to note that from time to time the company has indeed suffered a cyberattack or intrusion. This may decrease the odds that an 8K must be issued in any future attack.

RkJQdWJsaXNoZXIy MjgzNzA=