Our third episode, “Cyber Breach Response”, features guest speakers Angeline Chen and Bodo Meseke.  After we discussed what a lawyer or executive should do if their company experienced a breach, I asked our guests whether their advice would change at all if they “were dealing with a smaller company, say like a 10 person company that didn’t have the amount of resources that maybe a global multinational might have?”  Angie said:

“Yeah, some of the basics we mentioned already are pretty much the same, regardless of the size of the company.  Even small businesses and midsize businesses can and should have a plan.  And in some respects, it can be a little less complex because you probably have a more contained information system, or fewer employees and therefore a higher degree of ease and training or educating them or having a sense of what’s happening.  But it’s a great point to make that small businesses certainly don’t see their ability to conduct business on an ongoing basis as any less critical to their well-being and profitability than large businesses.  And in fact, cyber breaches can in many instances completely wipe out a small business, which by definition has fewer resources and less margin for accommodating disruption.  So I think the key for small and even midsize businesses, frankly, is to prioritize smartly.  You still have to plan and prepare, at least have a plan of what you’re going to do.  And if you can’t afford or may not feel you need to hire an external consultant to help advise you, say, on creating that incident response plan or even where to start, there are frankly a lot of free resources that are geared not just to creating cyber breach response plans on a general term, but specifically focused on small businesses.  As an example, the U.S. Small Business Administration has a significant amount of resources on cybersecurity that are geared towards helping small businesses understand and prepare for cybersecurity issues and incidents.  The Chamber of Commerce also has a lot of materials, some of which are publicly accessible, to help guide small and midsize businesses as well.  Partnering with other businesses and service providers that also carry a mindset of cybersecurity and smart cyber hygiene also helps and making sure that you have a workforce, particularly if it’s a smaller workforce, where they are at least cognizant of basics of cyber hygiene and discipline and why it’s so important.  And making them feel that they have a vested interest in the company being successful on this front and this is a core part of their responsibility.”

Interested in hearing more?  Want to know what Bodo said?  Check out Episode 3 here (available August 31, 2021).