fbpx
Insurica
Pay Now
Client Login

During a merger or acquisition, insurance policies and finances need to be scrutinized and the future of employees addressed. Cybersecurity is often put on the back burner, which is unfortunate, because this is a time when company data is at its most vulnerable. Data transfers must proceed without a hitch, or else the companies risk damaging reputation, losing customers and hurting future sales. Additionally, legal responsibilities must be upheld before, during and after the data transfer process.

CISA: Cybersecurity Best Practices

Use the following checklist to ensure you have covered all of your cybersecurity bases:

  1. Identify all data assets that will need to be transferred.
  2. Gather and merge all data standards, policies and processes from employees at both companies.
  3. Identify potential risks that could occur during data transfer.
  4. Prior to any data transfers, ensure data is backed up.
  5. Run background checks on any employee who will be involved in the data transfer process.
  6. Craft a business continuity plan to prepare for potential data loss or outages during the period when the transfer will be occurring.
  7. Assign one high-level person the job of overseeing all data transfers. They will have the task of dividing and conquering by assigning one person to each data asset that needs to be transferred.
  8. Legally transfer ownership of data assets as quickly and completely as reasonably possible.
  9. Host training sessions on new data standards, policies and processes.
  10. Update disaster recovery plans, business continuity plans and emergency plans to include newly acquired data assets.
  11. Update the risk profiles for newly acquired assets.

Cybersecurity: Preparing for Data Transfer

Planning for data transfer should begin as early in the merger or acquisition process as possible. It is wise to assign one person the task of overseeing all data transfers so that there is little room for miscommunication or error.

That person can then delegate smaller tasks, such as identifying data assets, identifying potential risks during transfer and making sure the data transfer complies with federal and state law, but the person in charge should be aware of the current status of all tasks at all times. This person should also manage the implementation of the interim business continuity plan so that daily operations are disturbed as little as possible. Keep in mind that if the acquired company has already completed portions of the data transfer or consolidation tasks, you should review the work to ensure accuracy.

Consider relocating IT employees from the acquired company early so that they can help with the data transfer and risk identification process, as they will be more familiar with their data and systems. Sufficient time should be mapped out to allow any older data to be converted for use in newer software and programs.

Finally, ensure that your system configuration records are up to date prior to any data transfers or consolidations. This will help isolate any issues that might occur and allow for an effective fix.

Cybersecurity: Good Practices for Data Transfer

Even if your company is completely prepared for the data transfer, it’s still possible that issues will arise during the process. Here are some good practices your company can utilize to minimize these risks:

  • Try to avoid using any kind of removable media to transfer data from one place to another. If the only method you can use is removable media, then take extreme care to be sure all records are encrypted, especially if they involve personal information.
  • If you have any data that isn’t getting transferred, you should dispose of it safely and completely to ensure it cannot be stolen.
  • Do not try to move all data at one time. Set small goals to complete every day or week to prevent an overload on your system or large, messy mistakes.
  • Consider halting some of your company’s cyber services until all data has been switched over in order to protect the services from being adversely affected by the transfer. Another option would be to run a similar service until data has been transferred.
  • Increase protective monitoring systems to prepare for the possibility of a disgruntled employee. Mergers and acquisitions are scary, uncertain times for employees, whose roles are often modified or eliminated to accommodate a new company structure. Update all clearances and access capabilities for employees based on new roles.

Safe and secure data transfer during a merger or acquisition is of utmost importance. Communication is crucial during this time and basic duties and responsibilities should be quickly laid out and assigned to employees before, during and after the transition.

Data transfer is not just about preventing and managing a compromise or interruption to services; you also need to keep your customers’ and stakeholders’ needs in mind, and to take their concerns into consideration. Most importantly, ensure your new and existing clients know that you’re keeping their data safe.

For more cybersecurity tips and insurance guidance, contact INSURICA today.

This is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. ©2023 Zywave, Inc. All rights reserved

About the Author

INSURICA
INSURICA

Share This Story

Stay Updated

Subscribe to the INSURICA blog and receive the latest news direct to your inbox.

Subscribe to the blog

Related Blogs

New Rules Could Transform Instant Pay Benefits

December 9th, 2024|Blog, Employee Benefits|

Federal regulators are moving to classify earned wage access programs as consumer loans, signaling a major shift for this rapidly growing employee benefit. The Consumer Financial Protection Bureau's proposed rule could reshape how companies like Walmart, Bath & Body Works and McDonald's offer early access to earned wages.

58% of Millennials Bet on 401(k)s Over Social Security

December 6th, 2024|Blog, Employee Benefits|

A significant generational shift in retirement planning is reshaping how employers need to think about their benefits packages. While older generations have traditionally viewed Social Security as their primary source of retirement income, younger workers are increasingly putting their faith—and their money—into personal retirement accounts.

Family-Building Benefits Lead Latest Workplace Benefits Surge

December 5th, 2024|Blog, Employee Benefits|

U.S. employers are rapidly expanding their family-building benefits, with fertility and adoption support emerging as key offerings in the competitive talent marketplace. New research shows companies are investing heavily in these benefits to attract and retain employees while supporting diverse paths to parenthood.

Go to Top