Yahoo. eBay. Target. Sony. Home Depot.
What do these major companies have in common? They are among the many organizations that have been affected by a major data breach, resulting in millions of personal records being disclosed and exorbitant amounts of money lost.
According to the Identity Theft Resource Center, there were 1,093 data breaches in the United States in 2016 alone. This is a 40 percent increase from the 780 breaches reported in 2015. Considering that the average breach costs roughly $5 million, the threat of having your information compromised is not to be taken lightly.
To protect their assets in the digital age, companies have started to incorporate breach response plans to lessen the damage done in the case of information being compromised. Having a plan in place to mitigate the risk of a data breach is the first step in information security damage control.
A data breach refers to any instance in which information is corrupted, viewed or stolen by someone who isn’t allowed access to that information. Personal data like social security numbers, credit card information and health records can be compromised in the event of a breach.
A data breach can be caused by hackers breaking into a computer network and maliciously stealing personal information, or, in a less dramatic scenario, by an employee who inadvertently leaves a sensitive document out in the open on his or her desk.
As the use of mobile devices, tablets and computers has become the norm, the risk of data breaches has increased. Companies need to put data breach response plans and policies in place to keep information safe.
Breach Response: Notifying Potential Victims
The first step in a data breach response plan is acknowledging there was indeed a breach. Once a breach has been identified, all data leaks should be secured in order to prevent any further data corruption.
After a breach is discovered, a team needs to be put in place to implement a response plan. Likely, this means gathering HR, IT, and operations employees, and possibly lawyers and public outreach organizers to coordinate a response. Depending on the circumstances, law enforcement may need to be contacted in the event of a suspected hacking.
Wherever possible, companies should look for sensitive information that was posted publicly and remove it.
Once a response team has been put together, clients who may have been affected by the breach need to be contacted. The sooner companies can reach out to potential victims, the better.
Contacting those affected by the breach allows companies to notify clients of the incident and what is being done to fix the problem. Including a data protection officer’s contact information will allow clients to ask questions and gather information on what they should do to prevent further data corruption.
Setting up call centers for breach victims to contact with questions or concerns helps to establish transparency and will give clients peace of mind.
In order to reach out to clients, companies will need to be prepared: specifically, they’ll have to compile a list of client addresses and emails, along with information on the countries in which those clients will need to be contacted, with regard to breach response rules and regulations.
A majority of states in the U.S. have enacted legislation that outlines notification requirements in the event of a data breach. In addition, the European Union has adopted a set of data breach regulations under the General Data Protection Regulation.
Preventing Data Corruption
The best defense against data corruption is education. Outlining a consistent process to deploy in the event of a data breach and making it available to employees helps to ensure a more effective response.
Transparency during the breach response process shows that a company is willing to admit what happened and is looking for ways to fix it. A company may not be able to undo what’s happened during a breach, but it can show a willingness to be honest and open in communicating with clients.
Using password-protected systems, updating computer software often, and safeguarding sensitive physical data are all components of effective data security. It’s also important to devise an organized method of data collection that gets rid of old or unneeded information. Restricting the use of employee computers and destroying physical data before discarding it also helps to mitigate the risk of a breach.
Data security is vital in the digital age, and the better prepared companies are to deal with a breach, the less severe the consequences are likely to be.