Cyber Drill Down #3

This Tip is the third and final installment of the Cyber Breach Response series. So far, we’ve discussed the costs of a data loss, the benefits to your reputation of having a plan, and the likelihood that any business can and will be attacked.

We’ve also outlined how to prevent a data loss, ways to quickly discover a breach, and notification requirements. Now your final plans need to focus on 1) options to protect the victims and 2) pro-active communication with your different audiences. These can go a long way toward ensuring understanding and preventing lawsuits.

Protecting Victims  

The options are evolving. The standard used to be credit monitoring (CM), which can be important if Social Security numbers have been compromised. CM protects only against new accounts being opened, not against activity on existing accounts.

A more popular protection choice is identity theft recovery – where expert analysts go in and fix existing credit, financial, or healthcare accounts and watch for future problems. All impacted persons (victims of the data breach) are given free access to these services and they can call for help whenever they discover trouble.

Combinations of options are also available, and you need to decide how long the protection will last (often 12 months). Many data loss prevention vendors offer multiple response solutions.

Communication  

As always, in today’s competitive world, you must be ready to pro-actively communicate with many audiences. This is true not just for the notification stage, but also along the way as you discover more details and implement improvements, as well as after the work is done.

Transparent, honest communication can reassure existing and potential customers, vendors, regulators and the media that you have the situation under control. It starts to re-build your level of trust.

Very few people today expect their personal data to be risk-free. They do expect solutions, improvements, and reassurance.

  • Be ready – draft messages that you would like to get if you were in their shoes.
  • Watch all areas of communication: email, websites, social media and Yelp-type comments.
  • Line up your resources in case any of this becomes overwhelming.

Financing

Finally, there are relatively affordable data/network security insurance policies available to help pay the costs of most areas of your breach response. Request proposals from your insurance broker and evaluate the cost-benefit.

Call or email me (510-685-3883 |  charles@risksmartsolutions.com) with questions, concerns, or for ideas on how to get started. There’s never a cost or obligation for brainstorming.

3 Comments

  1. Charles T. Wilson May 5, 2015 at 5:27 pm

    Thanks, Corri for your feedback and stories – they always bring “life” to a post!
    And Tom, I appreciate your loyal readership – thanks for chiming in.

  2. Tom Bone May 5, 2015 at 4:08 pm

    This is a well thought out series of articles that helps all stakeholders…..thank you Charles for sharing them.

  3. Corri F. DiBagno May 5, 2015 at 12:21 pm

    Excellent Risk Smart Tip re: protection of victims and communication with all parties.

    On a personal level, my wife received a phone call from her dentist advising a “possible” breach of security/data. We were most impressed by the protocol. The office manager advised us, a former employee (terminated for cause) failed to return her laptop computer. As a precaution, all sensitive data went into “lockdown” i.e. no access by anyone until all systems could be verified that no breach had taken place. Once it was determined that all patient information was secure, calls were made to appropriate patients that may have been involved with the terminated employee. My wife was offered an identity theft protection option as well as credit monitoring service. All appears to be secure and we are relieved this did not become a “problem”. We thanked our dentist and he thanked us for our understanding and co-operation.

    An example of a “small business” taking proactive big steps to protect their “customers” (patients).
