Planning for a data breach is actually a great strategy for preventing data breaches in the first place.
The likelihood that a company will be faced with a security incident gets higher every year. In a 2016 Ponemon study, 52% of companies experienced one breach during the year, and 66% reported multiple breaches.
Here are 9 questions about your data breach plan that will help you better understand the risk – and how to prevent a data breach.
- Is there an incident response team? Every company should have one, made up of department representatives, IT and other first responders, legal counsel, media-savvy spokespeople, and senior executives. The Ponemon study reported that 57% of respondents said their company’s C-suite was not part of the team.
- What data in the organisation is considered sensitive? Identify all the data (on hand and being collected on an ongoing basis) that is confidential and why (e.g. data protection law compliance, etc.)
- How is confidential data inventoried? A comprehensive Document Management Policy provides a formal process that helps protect documents from creation to destruction. For example, all files, whether digital or paper, are labelled by their contents and for how long the information needs to be kept. This kind of data retention process will eliminate unnecessary data as soon as possible too.
- Who has access to confidential data? Visibility into end-user access of sensitive and confidential information is critical. Implement access-controls so that only those employees who need the data to do their jobs have access.
- What data safeguards are in place? For computer devices, use the most current versions of firewalls, anti-virus software, applications and operating systems with automatic security patching; also complex passwords and multi-factor authentication. Implement a Clean Desk Policy and provide lockable desks, cabinets and other storage for paper documents and legacy hard drives. A culture of security and ongoing employee training will support data security best practices.
- How is data being transferred around? Protect data in transit. Teach employees to guard confidential information – not to leave it exposed in public places or visible in their cars. Encrypt data, do not use public Wi-Fi, and lock mobile devices.
- Is the data breach ‘plan’ updated regularly? While 86% of respondents in the Ponemon study said their organisations have a data breach notification plan only 24% have a procedure for keeping the plan current. But there are always new risks. For example, ransomware is currently a huge issue. But 45% of respondents say they are not taking any of the steps listed to prepare for a possible ransomware attack.
- Are third parties audited? Conduct due diligence on all third-party service providers. Third parties and business partners have been identified as a significant risk when it comes to breaches.
- How is data destroyed? Partner with a trustworthy document destruction company that provides secure destruction services for paper and digital data. There should be a secure chain of custody with trained security professionals, on- or off-site information destruction, and a Certificate of Destruction issued after each service.
Knowing these 5 key areas of office fraud is another way to help reduce the risk of a data breach.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and data security survey.