No one wants to think about dealing with a data breach. It’s a scary concept, and many people live under the assumption that it’s a rare issue that will never happen to them or their company. The truth is, it can happen to anyone, and companies need to take the precaution of setting up a data breach response plan. Having an effective plan will help control the situation should a breach occur.
Now, simply talking about the plan of action isn’t really a good approach–it’s best to have formal policies outlining the steps you’ll take if a breach occurs, whether your business is large or small. But how do you come up with a plan like this, and how can it help your business?
The Danger of Data Breaches
Data breaches can be devastating to businesses. Company trade secrets, financial information, employee personal information, and even customers’ private data can be affected. A breach can have financial impact, as well as damage a company’s reputation. While it’s not always possible to prevent a breach, companies can control their reactions to a breach with a clear, well-planned data breach response plan.
Once a breach has occurred, there’s no way to get back the information, but there are ways to perform “damage control” and minimize the impact a breach will have on the business. This is important, because the average consumer has become very wary about their private data being accessed without their permission. According to a 2014 Ponemon Institute survey, 50% of survey participants had data involved in a breach of some kind–a sharp increase from just two years before. How a company handles a crisis could make a big difference in the reactions and security of consumers.
Creating a Data Breach Response Plan
Creating a data breach response plan may seem intimidating at first, but there are lots of resources and guidelines to help you get started. Some basic steps to responding to a breach include:
- Documenting events before and after the breach
- Complying with any applicable laws
- Communicating with the company about how the breach should and should not be discussed
- Consulting a legal professional
- Finding the cause of the breach and how much data was compromised
- Notifying those affected
Dealing with a breach is time-consuming and expensive, but a solid plan can make the process easier to navigate.
Keeping it Up to Date
It would be nice if you could just make a plan and forget about it–with the hope that you’d never actually need to use it. But the reality is that technology changes quickly, and you’ll need to update your policies regularly for them to be effective. Review your policies at minimum once a year to make sure they are up to date and will be effective in case of a breach.
Breaches on the Rise–Protect Your Information
Of course, the best-case scenario is to prevent breaches in the first place. On their blog, Securis recommends taking the following steps:
Obviously, no company or government agency is completely immune to a potential data breach, but there are some important steps to take to minimize risk:
- Encrypt sensitive data
- At IT assets’ end-of-life, shred hard drives and other data-containing equipment such as smart phones
- Have a well-thought-out incident response plan in place
- Update the plan regularly
- Discuss the plan thoroughly and be sure that it includes “what if” scenarios
- Use scanning technology to monitor your network for vulnerabilities
- Provide periodic security awareness training for employees
Once a device has become outdated, non-functional, or no longer needed, data security doesn’t stop. You’ll need to work with a certified IT asset disposition (ITAD) provider to ensure that your data has been wiped from old devices before resale or recycling.
Does your company have a data breach response plan? Does everyone know what to do should a breach occur?
Susannah Bruck is a freelance blogger, editor, and ghostwriter. She has been putting her skills to use for clients since 2010, and enjoys working on formats ranging from blog posts to short stories and plays. You can find her at World Adventures