YOSEMITE associates logo v2

Fast Way to Lose Company Value - Handle a Data Breach Poorly

Protecting your company value and net worth

At a recent meeting, an FBI cyber specialist had a clear message for business owners. He shared, it's not a matter of if your company will be hacked, it's a matter of when and how you will respond.

More companies today are finding that despite the fire walls and security protocols, hackers and sometimes even employee insiders are causing data breaches that are crippling businesses for hours or days and in so doing, dragging down company value. Our jobs as leaders is to protect the profits of our businesses and we certainly take precautions to avoid a cyber hack. But we also have to be prepared for the unthinkable.

Have a playbook, prepared ahead of time. Effective planning isn't done when you're in the middle of the fire, it's done when you have the peace of mind to think clearly. Follow these tips in putting together your company playbook for recovering from a hack:

- Discuss security protocols with your 3rd party IT partner who manages your networks and data storage. When is the last time you reviewed these protocols to ensure all precautions are in effective?. Review the approval process (written AND verbal) required between your companies for authorizing a change to the network or a deletion of a file backup. Avoid a third party or a rogue employee from being able to give directives to your IT partner. Also discuss having 2 independent back ups for your data, one gets hacked, you still possess the other.

- Know what champion you'll assign to work with your 3rd party IT partner to fully investigate what was breached. It will be critical to know exactly what type of breach occurred as this will dictate the extent of your response. Did the hacker simply lock you out by encrypting the data or did they actually transfer and take control of it? Did they take customer or supplier files, engineering files, source codes to software or even employee records?

- Parallel path to knowing what happened, you obviously want to be working on getting your system/network back on line to minimize disruption to your production or services.

- Know who on your team will reach out to a lawyer that you have identified from your planning that you will call. You will want to ensure that steps you are taking and communications you will have to have with stakeholders (customers, vendors, employees) will be professionally and effectively managed. A misstep in handling a breach could compound the cost and the headaches of recovering.

- If you have a cyber insurance policy, understand whether it requires you to first notify law enforcement before they will open your claim. Most often it's recommended to have in your playbook the number for your area FBI office and ask for the "Duty Officer". This person will be able to start giving you guidance and help you determine whether local police or the FBI should be involved. Going this route will also help you get advice on whether you should be paying ransom to retrieve your data if that is what has been demanded. If you don't yet have a cyber policy, it's still a good time to evaluate getting one as the rates only continue to climb as the frequency and severity of the breaches is intensifying. This insurance can cover your costs of legal fees, lost production time, public relations activity with customers, etc, etc.

- Make sure you keep your playbook updated in terms of what customers or suppliers have language in signed contracts related to how they need to be notified if a breach occurs. Those that do have a requirement most often state that you will notify them within just a day or two of the breach. You therefore can't take a week or two just to look at your signed contracts to see where this clause exists because you'll have already breached it and made matters worse. Track and maintain a listing of all contracts you've signed that require notification of a breach so you can comply with the terms. For those that do require communication, your cyber lawyer can help you craft it.

- And if the breach impacts employee records, have a champion that will help you manage communications. Your employees can quickly lose confidence in their leadership if their personal information is mishandled. The lawyer once again will be very helpful.

- Through all of this, ensure you are tracking the associated recovery costs because you'll either want it for your insurance claim or for being able to identify it as a non-operating one off expense that should be highlighted as such in your financials.

One other piece of advice based on hacks I've seen recently. Ensure that your Accounts Payable Department is clear on protocols for accepting a change of address or change of payment lock box. A common breach these days is a hacker being able to fake being a vendor calling with a change of lock box for sending your payment. Ensure you have effective protocols for both written AND verbal notification and authorization requirements.

Having a playbook with these various actions ready will save you valuable time and can help minimize the damage the breach will cause. During a breach, your company is losing value and worth. Having a playbook can help you minimize that value loss but will help you get back on your feet to regain it and even help build the valuation from a future acquirer as they will see the strong planning disciplines that you have within your company.

Use Greenpoint Testing to Achieve Your Desired Exit Valuation

It only takes 106 questions, scanning 10 essential business functions, to stress test your readiness for a successful exit.

However, these questions require thoughtful commitment to achieve your desired exit valuation.

During this up to hour-long online testing, you'll see questions such as the following.

Sample Question 02

After internalizing each question, select among three answer options – Agree, Unsure and Don’t Agree – choosing the answer which best describes you and your business.

Then, complete the Greenpoint questionnaire to unlock your personalized report, which will reveal any gaps in your planning, pointing to the action steps needed to maximize your desired exit valuation.

Format: Digital

Delivery method: Email

Report included: Your Greenpoint results

Stethoscope Frees You to Work On Your Business, Beyond In It

120 questions, scanning 10 essential business functions, free you to work ON your business, rather than solely IN your business.

With each question requiring thoughtful commitment to identify opportunities to further your success.

During this up to hour-long digital Q&A, you'll see questions such as the following:

Sample Question 02

After internalizing each question, select among three answer options – Agree, Unsure and Don’t Agree – choosing the answer which best describes you and your business.

Complete the Stethoscope questionnaire to unlock your personalized report, which will expose gaps [if any] in your planning, and tips for future growth, resulting in action steps needed to maximize your thinking as a business leader.

Format: Digital

Delivery method: Email

Report included: Your Stethoscope results