Tips to Develop Breach Plan
You have one shot to get it right. How should organizations prepare properly for a data breach?
Too often, organizations go to the effort of creating a breach response plan but then fail to actually test it. That is like having a fire evacuation plan but never running the drill to make sure people get out of the building.
To prepare properly for a breach, organizations should:
Select an Individual to Lead the Charge:
Pick the right individual: someone who has enough knowledge of the company and an overview of the importance of the personal identity information that needs to be protected.
Conduct an Audit of All Subcontractors:
So many breaches today occur at third-party service providers. Organizations should therefore ask their key vendors about their own data breach response plans, as well as how high a priority they place on protecting the data they're handling. It's also important to have a formalized agreement covering the vendors' breach plans and that the vendors practice them.
Involve the Right Departments:
Privacy, public relations, customer service and information security departments all need to be involved in breach planning. Outside professionals, such as legal and law enforcement, should also be included in the preparation process.
Complete a Yearly Breach Drill:
Organizations that actually practice their plan and have seen some of the hitches that come up have done much better when they experienced a real breach: responding more quickly, satisfying the regulators, minimizing the cost and protecting brand reputation.