No company, large or small, is immune to a data breach. A data breach is any incident where personal identifiable information (PII) is stolen by an unauthorized individual.
Examples of PII include, but are not limited to, credit card information, biometric records, payroll information, medical records and addresses. When a data breach occurs, it’s important for organizations to act quickly in order to limit the damage.
When responding to a breach, follow these 3 steps:
1. Conduct a preliminarily assessment. When a data breach occurs, organizations must take steps to prevent the issue from getting worse and assess the situation. It’s critical to make note of when the breach occurred, how it was carried out and how many customers were affected. This information is vital when it comes time to communicate the incident.
2. Evaluate the risks associated with the breach. After the breach has been verified and contained, organizations should perform a more detailed risk assessment. This assessment should examine the type of PII that was lost, how specific types of PII were targeted, and the strength and effectiveness of your security technologies.
3. Notify your customers and the public. Prompt notification allows your customers to take the necessary steps to protect themselves from identity theft. When notifying customers, keep in mind your company’s legal and contractual obligations, how likely your customers are at risk of identity theft or fraud, and any reputational damage the data breach may cause.
After a data breach, organizations should aim to protect themselves and their clients from the possibility of a future attack. Many times, this practice is as simple as reviewing internal policies and bolstering employee training practices.
It is also recommended that companies perform an audit of all technology to determine the level of security in place. In addition, consider contacting vendors and partners of the company to ensure that they have effective security policies in place.
What’s the cost of a data breach?
The costs of a data breach vary in every instance, but there’s one thing we know for certain: Data breaches cost companies much time, money, and reputation damage. In one famous example, Target’s quarterly profits were cut in half after the retailer suffered a data breach. And, the damage didn’t stop there…