What is Your Company’s Duty to Prevent and Address Ransomware Attacks?

Malware is a constant threat to national security, and one attack can cripple a business. Ransomware makes valuable information vulnerable, requires enormous payments to retrieve the information, and can even result in civil liability. But there are ways to protect your business and limit exposure if a breach happens.

• • Encrypt your data. In many states, this protects you from liability if your data is hacked. Encryption limits access to data to only authorized people with the right key. In the event of a cyberattack, encryption makes data unreadable for third parties who do not have the right key.
  • Have a robust cybersecurity plan. A new DOJ initiative can hold companies accountable for putting U.S. information at risk by not providing enough cybersecurity protocols. The Civil Cyber-Fraud Initiative applies to all federal contractors and federal grant recipients. These individuals and entities should monitor and accurately report their cybersecurity services to avoid possible civil penalties.
  • Report incidents. There is no competitive advantage for any company to keep cybersecurity breaches to itself. The Department of Homeland Security and FBI encourage victims to report all cybersecurity incidents. You can report the following cybercrimes to FBI Field Office Cyber Task Forces:
    • • Computer intrusions or attacks
      • Criminal hacking
      • Espionage, sabotage or other foreign intelligence activity
      • Fraud
      • Identity theft
      • Intellectual property theft
      • Terrorist activity
      • Theft of trade secrets

Contact Walt Green or any member of Phelps’ Cybersecurity, Privacy and Data Protection team if you have questions or need compliance advice and guidance.