Responding to a data breach can test your organization’s survival readiness. Many have no plan, no resources, no insurance protection. Could you be risking all you’ve built?
The previous RiskSmart Tip talked about prevention steps you may need to implement. But that’s not all you need to help make your business safe. Next, you must: 1) recognize when there’s a problem and 2) notify everyone involved in a timely and professional manner.
It’s now common knowledge that hackers are well ahead of any security you may have. Experts say it can take weeks, even months, before firms find out there’s a problem. But that doesn’t mean you have to give up!
Your focus must be not only on keeping hackers out, but equally on discovering their presence as quickly as possible. There are software mapping and logging tools that can monitor your Internet traffic and uncover anomalies. There are experts prepared to assist you in setting up and monitoring your systems, training IT, and helping other employees to recognize when something’s not “right.”
For example, phishing is becoming very devious and effective, and social media is now an easy way to break into corporate systems. After a second or third reboot in a day, it’s time to check with IT for expert help and make sure all is okay.
Costs are coming down to more affordable levels. The shorter your time to discovery, the better you can limit your losses. Resources include:
- AllClear ID (allclearid.com) has an affordable system of protecting all your customers and employees from identity theft – the primary concern of impacted persons.
- Fidelis Cybersecurity Solutions (fidelissecurity.com) offers pre- and post-breach services with advanced technology to figure out exactly what happened and better estimate the possible consequences.
- Other vendors, like Trend Micro (trendmicro.com), known for antivirus software, are getting into more proactive network security solutions.
Even when there’s just a suspected breach, most states require written notification to any and all potentially affected persons within strict time limits.
This can include customers, patients, employees, vendors, or suppliers. It often also includes regulators, the police and FBI, and possibly other state and federal officials.
- What’s your contact plan? Do you have all necessary address information readily available?
- Who’s going to do the work? There are many outsourced solutions like call centers.
- What will you say? And what protections will you offer? Setting up communication templates in advance can make you look much more professional and prepared.
Notification will be most effective if you get specialized legal and IT forensic advice, and usually hands-on assistance. You must quickly determine exactly what happened and what was lost, and you must preserve all the evidence. And it all must be done while repairing your IT systems and getting your business back to full speed.
Call or email if you’d like to discuss a concern – or share any solutions you have discovered. I’d be pleased to hear from you (510-685-3883 | email@example.com).