New Data Breach Requirement

November 23, 2021 - 2 minutes read

Starting in April of 2022, there will be a new data breach requirement for banks within the United States. On November 18th, the FDIC, the Federal Reserve, and the OCC issued the final version of this new requirement. The new rule requires FDIC-supervised banks to report a data breach to the FDIC within 36 hours of discovery. For more information, check out Dark Reading’s article.

Why this matters

While you are most likely not a bank, this new data breach requirement is still important to small businesses. When a bank reports an incident to regulators sooner, an impacted small business will almost certainly be notified sooner too. This matters because it lets the small business respond more quickly to ensure its accounts and funds are safe.

Be proactive about incidents

While this regulation focuses on banks, it is good practice for small businesses to follow suit. When you identify a cyber incident, it is important to reach out to your legal counsel for next steps. Doing this quickly is important in understanding what just happened. If you and your legal counsel believe a notification is needed, getting one out sooner can start rebuilding your relationship with your impacted customers. It is important to be open and honest in your communications. 

Stay vigilant against attacks

It is always important to continuously check your banking statements, accounts, and funds. It is also important to report any errors or unusual activity to your financial institution immediately. Reporting these in a timely manner can help you remediate any issues more quickly, while also giving the institution information to analyze whether a bigger incident is occurring.

For more information on cybersecurity, cybersecurity best practices, and other cybersecurity tips for your small business, check out Small Business, Big Threat today!