Start-Ups and Cybersecurity: How to Deal with a Cyber-Attack

For many start-ups, cybersecurity will become even more important in 2021, as data breaches have legal consequences. Every company must take the appropriate technical and organisational measures to protect customer data and prevent cyber-attacks.

A look at foreign countries’ practice shows that under the General Data Protection Regulation (GDPR), companies are generally subject to fines for failing to implement inadequate security measures which then lead to the leaking of personal data. Also, data subjects can now demand compensation from companies for leaking their data. The Ecovis consultants recommend that start-ups in particular should deal with the issue, and set up the appropriate protective mechanisms, right from the word “go”.

The ECOVIS ProventusLaw Data Protection, Cyber, and IT Security, Operational Risk Team has drawn up the following list of recommendations on how to increase cyber resiliency, both for businesses and consumers.

Together we can create a plan for how to prevent cyber incidents, or react to attacks.

Loreta Andziulytė, Attorney at Law, Partner, ECOVIS ProventusLaw, Vilnius, Lithuania

Recommendations for Business

• Implement breach detection, investigation, and internal reporting procedures at your company. You will be prepared in advance for crisis management and this will facilitate decision-making, responsibilities etc.
• Keep a record of any personal data breaches, and an investigation report.
• Report known personal data breaches to the relevant supervisory authority. This must be done within 72 hours of becoming aware of the breach.
• Where feasible, ensure fair communication with affected data subjects and explain to them how to mitigate the risks.
• Ensure both external and internal communication about what has happened.
• Make an action plan on how to prevent similar issues in the future.
• Train your staff.
• Use the salt (cryptographic) method for passwords, where certain characters are inserted in each password during encryption. This makes stealing the password hashes worthless.
• Ensure continuous monitoring of IT systems and improvement of cybersecurity systems.
• Perform regular IT security tests and/or audits.

Recommendations for Consumers

• Change a leaked e-mail password.
• Do not use the same passwords for different logins on different systems.
• Do not use work e-mail accounts for personal services.
• Use a password manager to create different passwords for all sites.
• Consider changing personal documents (to prevent your data from being used for fraudulent purposes).
• Warn relatives of possible cases of fraud and false reports against them.
• Do not distribute or share stolen personal data or references to it, as such behaviour only adds to the crime committed.

Implementing these requirements will help organisations to ensure compliance with the General Data Protection Regulation, explain the Ecovis experts.

For further information please contact:

Loreta Andziulytė, Attorney at Law, Partner, ECOVIS ProventusLaw, Vilnius, Lithuania
Email: loreta.andziulyte@ecovisproventuslaw.com