The ECOVIS ProventusLaw Data Protection, Cyber, and IT Security, Operational Risk Team has drawn up the following list of recommendations on how to increase cyber resiliency, both for businesses and consumers.
Recommendations for Business
- Implement breach detection, investigation, and internal reporting procedures at your company. This prepares you in advance for crisis management and facilitates decision-making, the assignment of responsibilities, etc.
- Keep a record of any personal data breaches, together with an investigation report.
- Report known personal data breaches to the relevant supervisory authority. This must be done within 72 hours of becoming aware of the breach.
- Where feasible, ensure fair communication with affected data subjects and explain to them how to mitigate the risks.
- Ensure both external and internal communication about what has happened.
- Make an action plan on how to prevent similar issues in the future.
- Train your staff.
- Use the salt (cryptographic) method for passwords, where a random value (the salt) is added to each password before it is hashed. This greatly reduces the value of stolen password hashes.
- Ensure continuous monitoring of IT systems and improvement of cybersecurity systems.
- Perform regular IT security tests and/or audits.
Recommendations for Consumers
- Change a leaked e-mail password.
- Do not use the same passwords for different logins on different systems.
- Do not use work e-mail accounts for personal services.
- Use a password manager to create different passwords for all sites.
- Consider changing personal documents (to prevent your data from being used for fraudulent purposes).
- Warn relatives of possible cases of fraud and false reports against them.
- Do not distribute or share stolen personal data or references to it, as such behaviour only adds to the crime committed.
For further information please contact:
Loreta Andziulytė, Attorney at Law, Partner, ECOVIS ProventusLaw, Vilnius, Lithuania