10 Ways to Improve Your Company’s Data Breach Preparedness

Posted December 16, 2014 by Shred-it

How would your organization deal with a large data breach?

Many businesses would not know how to respond, according to security solutions expert Phil Smith, who has done hundreds of post-breach forensic investigations.

In a commentary posted at darkreading.com, Smith wrote: “If an incident response readiness program is not up-to-date and not tested, the response will be unorganized and lead to mistakes, delay and further exposure. Executives and lawyers will be scrambling for answers and unintentionally divert IT and other resources from responding to the actual incident.”

Here are 10 ways to improve an organization’s data breach preparedness.

  1. Create an incident response plan. It should provide steps, timelines, and checklists for what needs to be done in case of an incident. (Having one can decrease the cost of a data breach by $12.77 for each lost or stolen record, according to the 2014 Cost of Data Breach Study by Ponemon. The average cost paid for each breached record was $145.)
  2. Keep the data breach plan up-to-date. Things are always changing, and it’s important to be flexible and current, according to Ponemon’s 2014 Second Annual Study on Data Breach Preparedness.
  3. Invest in IT. The latest cyber security software, encryption software, and firewall protection are important. But research highlights two areas in particular: continuous monitoring of information systems and timely detection of a security breach.
  4. Conduct a security risk assessment regularly. This will help you to know where you need to make improvements to avoid damaging security breaches.
  5. Appoint a Chief Information Security Officer (CISO) to lead the incident response team. This type of leadership is important. Also, the 2014 Cost of Data Breach Study: United States showed having a CISO could reduce the cost per lost or stolen record by $10.
  6. Provide security awareness training. Mistakes made by employees are a frequent cause of data breaches. What’s most important is that staff knows how to respond to network security and other breach incidents quickly and correctly, according to the SANS Institute, which specializes in computer security training.
  7. Provide specific customer service training. After a breach, customer service department employees are often the ones fielding questions from concerned customers. In 2014, just 34% of the data breach preparedness study respondents provided this type of training.
  8. Rehearse the incident response plan. Conducting practice runs of your emergency preparedness plan will help ensure that everything is covered, according to the Data Breach Response Guide 2013-2014 by Experian.
  9. Consider data breach or cyber insurance. Statistics show that data breach insurance is becoming an important part of a company’s preparedness plans. The Data Breach Preparedness study showed that in 2013, 10% of companies purchased a policy; this year, 26% did.
  10. Make information security a standard in the workplace. Integrating information security policies such as secure document destruction and a Shred All Policy will help reduce data breach risk. All documents that are no longer needed should be deposited into locked consoles for secure on-site or off-site shredding. This infographic explains why e-media and hard drive destruction should also be provided by your shredding services provider.

In an age of increased security threats, learn why prevention is still one of the best tools in crisis management.
