The ongoing war in Ukraine is impacting the region in numerous ways; one topic that many currently overlook, however, is cybersecurity. Given the tense situation in Ukraine, and the significant spike in malicious cyber activity reported by observers, we recommend that all companies and institutions review and strengthen cybersecurity measures where necessary.

Cybersecurity affects almost every organization today, and the growing number of data breaches is here to stay. To help you navigate these challenging times and keep your data safe, we have put together a quick overview covering the key tips for preventing a data breach and, if one has taken place, the suggested next steps to mitigate further damage.

The ABCs of cybersecurity

The best way to respond to a data breach is to understand in advance what data is being processed and stored in your organization (such as personal data, health data, intellectual property, customer data), where and how the data is stored, how it is secured during transmission or backup, and who has access to it.

1) Map the risks

Assess your organization’s cyber risks and prepare a Plan B outlining how to prevent a cyber incident from compromising the availability of your services. It is important to have an action plan for crisis management and to practice it systematically in the institution.

2) Follow the standards

An organization’s information security system should be built on a standard or best practice. This makes it possible to require compliance with the rules established for organizing information and network security, as well as systematic reporting. The standard also provides answers to questions such as how to manage information assets, access, and user rights, how to back up data, and how to protect media.

3) Test systems security

Security tests must always be performed before new services or new versions of existing services can be used. Also, carry out systematic testing of your core services at least every two years and ensure that the necessary contracts are in place and that funds are budgeted.

4) Encrypt data exchange

One of the main types of attack involves the abuse of e-mail. Ensure that, in addition to the data stored, the organization’s data exchange, in particular the exchange of e-mails, is encrypted, and that falsifying your organization’s e-mail addresses is made as difficult as possible for criminals.

CERT-EE, which is responsible for managing security incidents in EE computer networks, offers the public a free analysis environment, Cuckoo, which can be used to check suspicious files. The environment can also be used outside Estonia and it is in English.

CERT-LT also offers public tools to check websites and devices.

Where can I find information on the most common cyberattacks?

  • News and threat assessments of the Estonian Information System Authority (RIA);
  • Regular summaries of the most important events of the past month and the situation in Estonian cyberspace and the international environment;
  • Regular summaries of the most important events and situations in Latvian cyberspace and the international environment;
  • Regular summaries of the most important events of the past month and the situation in Lithuanian cyberspace and the international environment.

Download an action plan to prepare for a data breach here.

What to do in case of a data breach?

Prompt and strategic action helps to protect data and data subjects, gather the necessary evidence, protect the reputation of the organization and ensure the continuity of vital functions and services. The first 72 hours after finding out about the data breach are of critical importance. Use this action plan and react in a timely manner.

1) Detect the data breach

The first important step is to identify the data breach, identify the root cause, assess the extent, and document the breach in detail. The volume, sensitivity, and nature of the breached data need to be identified. The necessity and time-critical nature of the next steps depend on this.

2) React immediately

When a data breach is detected, the weakness of the system must be rectified immediately. The immediate response includes, with the support of cybersecurity professionals, correcting the vulnerability in the system from which the data leaked and, if necessary, restricting physical and/or virtual access to the data.

3) Inform relevant authorities

In Estonia, these are CERT-EE within the Estonian Information System Authority and the Estonian Data Protection Inspectorate. If the data breach may result in a threat to the rights and freedoms of a natural person, the Data Protection Inspectorate must be notified of such violation within 72 hours. Depending on the nature of your organization and the services you provide, you may also be required to report the cyber incident to the CERT-EE Department of the Information System Authority within 24 hours.

In Latvia, this is CERT-LV. CERT has information on which organizations are required to report breaches, depending on the nature of the organization and the services it provides; others can do so voluntarily. If the leakage of personal data may result in a threat to the rights and freedoms of a natural person, the Data State Inspectorate must be notified of such violation within 72 hours.

In Lithuania, this is the National Cyber Security Centre. If the leakage of personal data may result in a threat to the rights and freedoms of a natural person, the State Data Protection Inspectorate must be notified of such violation within 72 hours.

4) Inform data subjects if necessary

If the breached data contains personal data and the violation is likely to pose a serious threat to the rights and freedoms of natural persons, the natural persons concerned must also be notified of the violation. The seriousness of the threat should be assessed on a case-by-case basis, taking into account, among other things, the type of breach, the nature, sensitivity, and volume of the data, and the severity of the consequences of the breach for the individuals affected by the leak.

Download the data breach response plan here.

When detecting a breach and performing the above activities, it is essential to document all circumstances and corrective actions and to maintain correspondence with the authorities. This allows the supervisory authority to verify compliance and the organization to prove its performance.

Need help protecting your data and ensuring compliance? Our team of data protection experts is at your service: