[BreachExchange] Worried about a data breach? Here are 3 ways to be prepared

Audrey McNeil audrey at riskbasedsecurity.com
Tue Sep 13 19:19:12 EDT 2016


http://www.bizjournals.com/albany/how-to/technology/2016/
09/worried-about-a-data-breach-3-ways-to-be-prepared.html

It’s difficult to read the news and not come across a story about a company
and its customers falling victim to a data privacy incident.

Recent breaches, and the staggering financial and reputational costs
associated with them, may have you asking: Will this happen to us?

The question is not if, but when.

According to the 2016 Global State of Information Security Survey, last
year there were 38 percent more security incidents detected than in 2014.

As threats continue to rise, consider these three key steps to prepare for
these types of incidents.

1. Acknowledge the possibility that it may happen to you

It’s basic human nature to think something like this will never happen to
you or your business.

Unfortunately, incidents can result from more than just hacking or criminal
behavior. Knowing the variety of circumstances that can lead to an incident
will help prevent risk to your company. Such incidents include but are not
limited to:

A lost laptop containing unencrypted client, patient, or employee data
Donated file cabinets containing paper records with personally-identifiable
information including employee files
Network intrusion that results in potential access to sensitive files
containing personally-identifiable or confidential business information
A rogue employee selling personally-identifiable information of customers
and employees
A lost or stolen back-up tape

As for timing, data privacy events tend to occur after hours or right
before a big holiday. Cyber criminals often target these times because
they’re the most vulnerable hours for an organization.

Everything an organization does, from the time of discovery forward, is
essential for managing reputation, costs and litigation

2. Develop a plan

Now that you know the risks, it’s time to play offense. The best way to do
that is to develop an organized and documented approach to address and
manage the process from initial discovery forward.

Known as an incident response plan, this step-by-step process gives
businesses a playbook to follow. If properly written and adhered to, it can
manage cost, time and reputation.

3. Engage professionals

Creating an incident response plan from a blank sheet of paper can be a
daunting process, but help is available. Many internet-based resources
offer workbooks and templates that can help get the process started — but
an essential first step is to assemble a team of experienced people to help.

A well-written incident response plan can save time and money, create a
defensible position, and help preserve a company’s reputation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160913/8bd5b273/attachment.html>


More information about the BreachExchange mailing list