Thousands Hacked: New Cyber-Attacks Affect Organizations Big and Small

Ward and Smith, P.A.
Contact

Ward and Smith, P.A.

Friday afternoon, reports surfaced that a foreign nation had compromised newly-discovered flaws in the Microsoft Exchange Server email software and breached the cybersecurity efforts of more than 60,000 known victims.

Unlike previously reported hacks linked to espionage and high-value organizations, such as the federal government and large corporations, this one involved the private data of small businesses and local governments.

This attack is on the heels of the SolarWinds' software breach and makes it unambiguously clear that American companies of all sizes and industries are targets for (and vulnerable to) this kind of cybersecurity hacking; directly and through vendor software. The all-in business and legal costs associated with such breaches regularly reach into the millions of dollars according to the Ponemon Institute's most recent study.

The Institute also found that planning and protective steps on the front end by businesses can dramatically reduce these costs. Proactively planning for these risks can also help minimize the possibility of a breach and avoid the potential double victimization of a data breach: first by the breach itself, and then the legal liability, compliance costs, and regulatory enforcement actions. These breaches, and the related costs, are yet another illustration of the need for all businesses to include cybersecurity and privacy compliance as part of their risk management strategy. Currently, all states have data breach notification statutes, and many states require businesses—even small businesses— to provide a certain level of protection to personal data. Regulated industries and sectors, such as Healthcare, Financial Institutions, and Education, often have specific security requirements and privacy regulations with which they must comply.

Privacy and Security Policies, both technical and procedural, should be reviewed no less than annually to ensure continued compliance with all applicable laws and to best position an organization to minimize and mitigate the impacts of a breach.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ward and Smith, P.A. | Attorney Advertising

Written by:

Ward and Smith, P.A.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Ward and Smith, P.A. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide