Every month, Utah Business hosts roundtable events featuring industry insiders. This month they invited the top cybersecurity and digital privacy specialists to discuss security breaches, privacy tools, and mitigating damage. RQN attorney Elaina M. Maragakis was invited to present at the roundtable discussion. Here are a few highlights from the event as cited in Utah Business.
CYBERSECURITY AND PRIVACY ARE TERMS THAT ARE USED INTERCHANGEABLY. WHAT IS THE DISTINCTION?
Elaina: The privacy end of it would be things like, can we monitor this employee’s email? And what kinds of accounts can we get into? What kind of information can we ask a candidate or employee for? Can we put up this video camera? Can we turn the audio on? And the other related issue is really what is private information? Which we all know is vast, and if we get into Europe we’re in a whole new ballgame because everything is private information.
WHAT CAN BUSINESSES DO TO PREPARE FOR CYBERSECURITY INCIDENTS?
Elaina: You have to think, ‘it’s not if, it’s when.’ When you have a cybersecurity incident, you are in a business continuity, and in five days or less, you’re in disaster recovery, and in seven days or less, you are out of business. Why? Because we often underestimate what the incident is. Did it get our online storage backup? Oops, that was our plan to recover. What’s the cost to remediate? And now your offline revenue isn’t there, and now you have to pay somebody to come in and figure it out, and now you’re seven days in, and that’s too long for a lot of small businesses.
WHAT CAN COMPANIES TO DO MITIGATE REPUTATIONAL HARM WHEN A CYBERSECURITY INCIDENT OCCURS?
Elaina: I have seen breaches happen that are the fault of the employer, and it was so well managed that those who were the subjects of the breach actually were coming back and thanking the company. It’s communicating. Having someone. It depends on the size of the breach and the size of the company, but having someone making calls just to talk to a human being, giving out resources. Just simple things like identitytheft.com. Really having a touch point.