A Greater Town : US : NJ : Mercer : Princeton : Computers & Electronics : Informational Technology — Information Technology

Strategies for Dealing With Data Breaches

Information Technology

Updated on Mar 26, 2013

Edit post | View more like this | Visit Princeton, NJ | Contact Cyber Data Risk Managers
Strategies for Dealing With Data Breaches
by Christine Marciano, President, Cyber Data Risk Managers


When it comes to data breaches, businesses of all sizes need to consider when one will happen, rather than if one will happen.

Most businesses today realize that, while a data breach can’t be predicted, it should be expected. The focus should shift to how to best handle breaches that do occur.

Good planning will make the difference between a living nightmare for the whole organization or a prepared organization that is ready to minimize harm. The cost of poor planning, meanwhile, can be huge financial losses or even bankruptcy for small and midsized businesses.

This was the case for Impairment Resources LLC, a national medical records firm. The firm filed for bankruptcy in March after a break-in on New Year’s Eve 2011 that led to the compromise of roughly 14,000 files. The cost of dealing with the data breach was prohibitive for the firm, leading to its demise.

Creating a data breach incident response plan, and incorporating it into the organization's business continuity plan, simply makes business sense. Here are seven things your business can do once your endpoint has been compromised:

- Stay calm. Don’t rush out the minute you learn about your data breach and announce it to the world. You will want to take a deep breath and organize your response team. Involve designated key employees, a privacy attorney, a computer forensics expert, and your cyber insurance agent.

- Call your insurance agent. While traditional business insurance policies do not cover data breaches, a cyber insurance policy will. Your cyber insurance carrier would help coordinate your incident response team.

- Get a computer forensics investigator involved. Before you send out your notification letters, you will want to know whether any sensitive personally identifiable information (PII) was accessed/stolen. Knowing this will trigger whether or not you need to report your data breach and determine if notification letters need to be sent.

- Speak with/hire a data privacy attorney. If you believe that your data breach has exposed sensitive PII, you will want to hire a data privacy attorney to help coordinate your breach from start to finish.
Send out notifications to potential breach victims. Each state where you do business and where your customers reside will have its own requirements for reporting breaches. Follow state notification laws and adhere to specified time frames for sending out notification letters.

- Offer an identity-theft/credit-monitoring service. While not a requirement, it’s become an industry standard to offer some type of identity-theft/credit-monitoring service to each potential victim.

- Tighten your endpoints and fix data leakage. While no security system is 100 percent foolproof, installing firewalls, updating antivirus systems, investing in an IPS or IDS system, and updating software and patches can help your business minimize the risks of an additional data breach.

How your business responds to a data breach can either harm or enhance your reputation. Take the time to think about the steps involved and to create a data breach incident response plan before a data breach happens.

*Article originally appeared in http://www.point2security.com (5/30/12)

CONTACT:

Christine Marciano
CYBER DATA RISK MANAGERS LLC
US toll free: 1 +855.CUT.RISK
Fax: 1 +732.709.1684
Twitter: @DataPrivacyRisk

goodideazs, LLC is not affiliated with the authors of this post nor is it responsible for its content, the accuracy and authenticity of which should be independently verified.

About | Advertise | Terms | Privacy | Contact A Greater Town

Top Business Listings | Banner Art Gallery | Blog | Seo Site Crawler

Copyright © 2007-2019 goodideazs, LLC. All rights reserved.