Improve Data Breach Preparedness
How would your organisation deal with a large data breach?
Many businesses would not know how to respond, according to security solutions expert Phil Smith, who has conducted hundreds of post-breach forensic investigations.
In a commentary posted at darkreading.com, Smith wrote: “If an incident response readiness program is not up-to-date and not tested, the response will be unorganised and lead to mistakes, delay and further exposure. Executives and lawyers will be scrambling for answers and unintentionally divert IT and other resources from responding to the actual incident.”
This lack of preparedness puts your organisation at greater risk of financial and reputational damage but with the right procedures in place, both you and your employees can be ready to deal with a potential information breach. Better yet, you can reduce the likelihood of one occurring at all.
Here are 10 ways to improve your organisation’s data breach preparedness:
- Create a security breach incident response plan. It should provide steps, timelines, and checklists for what needs to be done in case of an information breach. (Having one can decrease the cost of a data breach by £12 for each lost or stolen record, according to the 2014 Cost of Data Breach Study: United Kingdom by Ponemon. The average cost paid for each breached record was £95.)
- Keep the information breach plan up-to-date. Things are always changing, and it’s important to keep the plan flexible and current, according to Ponemon’s 2014 Second Annual Study on Data Breach Preparedness.
- Invest in IT security. The latest cyber security software, encryption software, and firewall protection are important in maintaining information security standards. But research highlights two areas in particular: continuous monitoring of information systems and enabling timely detection of a security breach.
- Conduct a security risk assessment regularly. This will help you keep on top of the areas where you need to make improvements in order to avoid damaging information security breaches.
- Appoint a Chief Information Security Officer (CISO) to lead the incident response team. This type of leadership is important: the 2014 Cost of Data Breach Study: United Kingdom also showed having a CISO could reduce the cost per lost or stolen record by a further £4.
- Provide security awareness training. Mistakes made by employees are a frequent cause of data breaches. What’s most important is that staff know how to respond to network security and other breach incidents quickly and correctly, according to the SANS Institute, which specialises in computer security training.
- Provide specific customer service training. After a breach, customer service department employees are often the ones fielding questions from concerned customers. In 2014, just 34% of the data breach preparedness study respondents provided this type of security breach response training.
- Rehearse the incident response plan. Conducting practice runs of your emergency preparedness plan will help ensure that everything is covered, according to the Data Breach Response Guide 2013-2014 by Experian.
- Consider data breach or cyber insurance. Statistics show that information breach insurance is becoming an important part of a company’s preparedness plans. The Data Breach Preparedness study showed that in 2013, 10% of companies purchased a policy; last year, 26% did.
- Make information security a standard in the workplace. Integrating information security policies such as secure document destruction and a Shred-All Policy will help reduce data breach risk. All documents that are no longer needed should be deposited into locked consoles for secure shredding. It's also important not to overlook electronic media and hard drive destruction in your secure destruction policies and processes.
In an age of increased security threats, learn why prevention is still far better than cure when it comes to your confidential information and your reputation.
Join the conversation on information security with us on Twitter @Shredit_UK