Types of costs associated with data breaches
- Digital forensics
- Cybersecurity firm
- Credit monitoring
- PR/Communications firm
- Legal counsel
- Lost productivity
- Lost revenue
- Reputation
About The Case
Vastaamo, a prominent Finnish psychotherapy centre running 25 clinics, fell victim to cyber criminals. Hackers stole confidential patient data before blackmailing tens of thousands of patients for money in exchange for keeping the data secret. As victims have been advised not to comply with the demands, the criminals have been releasing the data of about 100 patients each day on the dark web.
It was reported that the centre failed to adequately notify its patients or the general public so that they could take countermeasures when previous data breaches occurred. The previous owners sold the company to a new owner even though they were aware of the hacking before it was made public.
Damages
Due to the hacks, the new owner of the psychotherapy company is in deep trouble with hefty fees and bruised customer confidence.
- Disclosure of Confidential Information
Patient information, including social security numbers and transcripts between patients and their therapists, was disclosed online for all to read, causing emotional distress to patients.
- Pending lawsuits from patients
Due to the data breach, patients are intending to file lawsuits against the psychotherapy centre.
Cost Factors associated with data breaches
- Unexpected and unplanned loss of customers following a data breach.
- Number of records lost or stolen during the incident
- Time taken to “Identify and Contain” a data breach incident
- Detection and escalation of the data breach incident
Basic Security Solutions Required for SMEs
- Firewall-as-a-Service
Comprehensive, full-fledged security suites guard against malicious attacks and can block zero-day threats through sandboxing.
- Adequate end-user training
Even with the best software, end-users remain the weakest link when it comes to compromise. Cyber awareness training is key to ensuring that your employees know what to do to avoid accidentally divulging sensitive company information.
- Email Security
Did you know that there are different solutions that protect inbound and outbound emails? Virtru encrypts the sensitive data and files that you send. Only your recipient will be able to decrypt them. You can control access to the email at any time, even after it has been read.
For inbound emails, grMail uses Global Threat Intelligence to detect email fraud such as business email compromise, phishing and more.
- Backup with Ransomware Detection
Datto is a backup solution with ransomware detection. When ransomware is detected, you can simply click to restore previous versions of the backup, and you do not need to pay a ransom to the cyber criminals in order to retrieve your data.