In the event of a data breach, your level of preparedness will make a significant difference in your ability to recover. Here are key components of data breach management to consider for your business.
Continually Analyze Your Risks
Analyze your risk of a data breach from three perspectives: processes, technology, and people. This risk assessment will give you a clearer picture of potential holes in your security.
Processes: Forty-eight percent of breaches were caused by malicious or criminal attacks by hackers or criminal insiders. Evaluate the way you collect, store, or transmit sensitive financial or customer data. Take the time to confirm your vendors’ compliance with the latest cyber security recommendations.
Technology: The use of encryption has been shown to help decrease overall data breach costs. Consider encryption of all devices used by your employees, such as laptops, tablets, and smartphones. Additionally, install firewalls for servers and networks, or restrict access to suspicious websites.
People: Phishing, or “social engineering,” scams are becoming more and more sophisticated. Educate your employees to “think before you click” on e-mails that seem suspicious, too good to be true, or uncharacteristic of the sender. Always double check accounts, and job or order numbers against your accounts payable. When in doubt, call the vendor to confirm a payment request.
Establish a Crisis Management and Response Plan
An established incident response team can help reduce your data breach costs. When you experience a data breach, time is of the essence and you need to be prepared to respond quickly and appropriately per your legal or regulatory obligations.
Determine when and how the breach occurred, the type of information accessed, and how many individuals were affected. Work with qualified legal counsel to determine your legal obligations. Then assess the risks you and your customers face because of the data breach, and how you will mitigate those risks. When communicating with your employees and customers, be genuine and clear while letting them know what actions you are taking, but be cautious to not overshare. Companies that focus on improving future actions and how they can immediately assist employees or clients can do much to restore good faith and retain business.
Work with your legal advisors and risk managers to create and refine your plan on a regular basis. Check with your insurance carrier to determine what resources are available for development and training. “Cost of a Data Breach Study: Global Overview,” Ponemon Institute. Published July 2018.
Published Date:February 11, 2019
Categories: Risk Management Corner