This Tip is the third and final installment of the Cyber Breach Response series. So far, we’ve discussed the costs of a data loss, the benefits to your reputation of having a plan, and the likelihood that any business can and will be attacked.
We’ve also outlined how to prevent a data loss, ways to quickly discover a breach, and notification requirements. Now your final plans need to focus on 1) options to protect the victims and 2) pro-active communication to your different audiences. These can go a long way to ensure understanding and prevent lawsuits.
The options are evolving. The standard use to be credit monitoring (CM) and that can be important if SS numbers have been compromised. CM protects only from new accounts being opened, not activity on existing accounts.
A more popular protection choice is identity theft recovery – where expert analysts go in and fix existing credit, financial, or healthcare accounts and watch for future problems. All impacted persons (victims of the data breach) are given free access to these services and they can call for help whenever they discover trouble.
Combinations of options are also available, and you need to decide how long the protection will last (often 12 months). Many data loss prevention vendors offer multiple response solutions.
As always, in today’s competitive world, you must be ready to pro-actively communicate with many audiences. This is true not just for the notification stage, but also along the way as you discover more details and implement improvements, as well as after the work is done.
Transparent, honest communication can reassure existing and potential customers, vendors, regulators and the media that you have the situation under control. It starts to re-build your level of trust.
Very few people today expect their personal data to be risk-free. They do expect solutions, improvements, and reassurance.
- Be ready – draft messages that you would like to get if you were in their shoes.
- Watch all areas of communication: email, websites, social media and Yelp-type comments.
- Line up your resources in case any of this becomes overwhelming.
Finally, there are relatively affordable data/network security insurance policies available to help pay the costs of most areas of your breach response. Request proposals from your insurance broker and evaluate the cost-benefit.
Call or email me (510-685-3883 | firstname.lastname@example.org) with questions, concerns, or for ideas on how to get started. There’s never a cost or obligation for brainstorming.