You’ve Got a Data Breach Response Plan. Now What?
Experian Data Breach Resolution has released its annual data breach response guide for 2015-2016. New content focuses on ways that organizations can take their plans to the next level. While many businesses have developed solid data breach response plans, a study by Ponemon Institute found that most organizations have not discussed or practiced their plans enough. According to the Experian news release, 41% of surveyed executives said that they do not have time scheduled to review or update their plan, and 37% have not reviewed their plan since it was put into place.
“A response plan in a binder does not really prepare a company for handling a breach,” said Michael Bruemmer, vice president at Experian Data Breach Resolution. “Organizations need to develop ‘what if’ scenarios that require a plan ‘B’ and ‘C’. This is important because a breach may be intended to damage a company’s reputation, for extortion purposes or to compromise customers’ reputations. How should unique circumstances be managed? It should all be part of the plan.”
The complimentary Guide can be downloaded at https://bit.ly/1QUx19X.
Some of the Guide’s new content includes more step-by-step instructions, checklists and a preparedness quiz. Organizations that have not developed a plan yet will find the guide also offers content addressing the notification process, how to select external vendors and the public relations component of a breach response.
For additional data breach resources, including Webinars, white papers and videos, visit https://www.experian.com/databreach. Read the Experian Data Breach Resolution blog at https://www.experian.com/dbblog.
What can your organization do to protect itself from the risks and high costs associated with data breaches? Obviously, no company or government agency is completely immune to a potential data breach, but there are some important steps to take to minimize risk:
- Encrypt sensitive data
- At IT assets’ end-of-life, shred hard drives and other data-containing equipment such as smart phones
- Have a well-thought-out incident response plan in place
- Update the plan regularly
- Discuss the plan thoroughly and be sure that it includes “what if” scenarios
- Use scanning technology to monitor your network for vulnerabilities
- Provide periodic security awareness training for employees