With data breaches making healines every other day, it is important now more than ever to be prepared for the event of a Data Breach. According to Research Reports done by Ponemon Institute on Data Breach Preparedness they found that while a few companies are making valuable changes many companies are deficient in governance and security practices. Effective preparedness includes: keeping the data breach response plan up-to-date, conducting risk assessments of areas vulnerable to a breach, continuous monitoring of information systems to detect unusual and anomalous traffic and investing in technologies that enable timely detections of a security breach.
In addition to helping a company prepare for a breach, the existence of a plan can reduce the overall cost of an incident. The 2014 Cost of Data Breach Study: United States reported that the average cost for each lost or stolen record was $201. However, if a company has a formal incident response plan in place prior to the incident, the average cost of a data breach was reduced as much as $17 per record.
So where do you begin your Data Breach Preparedness Plan?
- Begin by assigning a knowledgeable person to head a response team (CISO-Chief Information Security Officer, CO-Compliance Officer, Head of Business Continuity Management, Chief Information Officer, Chief Risk Officer, Head of PR and Communications, General Counsel, Chief Privacy Officer or Human Resources)
- The response team should acquire such skills such as IT security, legal and public relations and privacy
- Talk to your insurance broker about adding a Data Breach or Cyber Insurance policy or adding an endorsement to your current liability coverage
What are the technical security considerations?
- Risks created by end-users and mobile devices
- Know what technologies are available to quickly detect a data breach
Prepare through Risk Assessments & Monitoring
- Risk access information systems for unusual or anomalous traffic
- Consider drills, procedures and oversight that help improve upon the data breach response plan becoming more effective
Consider Retention of Customers after a data breach in your plan
- Free identity theft protection and credit monitoring services
- Designated call center to provide information and respond to customer concerns
- Gift cards
- Discounts on products or services
- A sincere and personal apology (not a generic notification)
This is an overview of what to consider when creating a data breach preparedness plan. For more detail click on Creating a Data Breach Preparedness Plan.