Data Breach Plan: Does Your Business Have A Strategy? Just In Case.
Designing and implementing a comprehensive Data Breach Response Plan is a must during the first quarter of 2014. What’s stopping you from being prepared?
Retailers including Target, Neiman Marcus, and Michaels experienced data breaches in the beginning of 2014. For many businesses, these massive data breaches served as a wake-up call. If you’re not worried about the possibility of a data breach, you should be. Data breaches are unexpected and unplanned, and they often occur too quickly for the company to prevent them.
So how does a data breach happen? Data breaches can result from a variety of incidents:
- Hackers gain access to data through a malicious attack.
- Equipment is lost, stolen, or temporarily misplaced.
- Employee negligence regarding passwords and/or appropriate security measures.
- Security policy and/or system failure.
While cyber-attacks are a common cause of data breaches, other types of breaches occur on a regular basis. As a business owner, you must be prepared to face cyber-attacks and “insider threats.” Often, employees may accidentally or unknowingly expose or lose sensitive data. In contrast, resentful current or former employees may purposely expose or lose sensitive data.
Data breaches are damaging regardless of the cause. It’s critical to use proper security measures to minimize the likelihood of a data breach. In addition, you must create an effective breach response policy in order to be prepared to detect and respond to a data breach.
Security Measures to Minimize the Likelihood of a Data Breach
Here are a few tips to help you minimize the likelihood of a data breach:
- Document sensitive information maintained and stored by your organization.
- Document what systems contain sensitive information, including backup storage and archived data.
- Conduct regular risk assessments and evaluate privacy threats.
- Implement adequate security controls, such as encryption, where possible.
- Review and update your data destruction policies to ensure data is wiped prior to disposing of or recycling equipment.
- Implement controls to prevent and detect unauthorized access to, or misuse of, sensitive information.
- Review access policies to ensure trustworthy users are the only individuals with access to sensitive information.
Be Prepared to Respond to a Data Breach!
You must design and implement a comprehensive data breach response plan. This plan must be kept up-to-date by conducting regular data threat assessments and staying informed on relevant privacy laws.
Here are the steps necessary to create a comprehensive data breach response plan:
- Consider relevant breach notification legal requirements.
- Specify incident handling procedures.
- Specify procedures for communication with your leadership team and third parties/law enforcement.
- Conduct regular reviews of the policy to include improvements and changes to applicable legal requirements.
- Identify a team manager who will be in charge of the incident response.
- Assign team roles and responsibilities for staff members.
- Establish employee expectations regarding your data breach response plan.
To learn more about preventing and responding to a data breach, give us a call at 403-215-8070 or send us an email at firstname.lastname@example.org. VBS can help you implement proper security measures and design a comprehensive data breach response plan.