Data Breach Preparedness Kit: Use This One to Protect Your Brand
A recent Forbes Insights report confirmed what most people already know – security breaches can damage brand image if they’re not dealt with properly, making data breach recovery crucial.
An organization’s brand represents who and what a company is all about. The brand is identified by the name, logo, messaging, merchandise, design – and anything else that sets the company apart.
In the Forbes report, Fallout: The Reputational Impact of IT Risk, a cyber security breach damaged both reputation and brand value for almost half of the participating organizations.
Previously, Ponemon showed that when confidential customer and business information is lost or stolen, the value of reputation and brand image takes a direct hit. Furthermore, over half of companies in the study said it would take 10 months to over 2 years to restore a damaged reputation.
Data breach recovery goes much better when an organization is prepared. What would a data breach preparedness ‘kit’ contain?
- A Full Team: An incident response team with representation from all departments is important. The team includes first responders (available 24/7), legal counsel, and a media-savvy spokesperson. Also, executive-level involvement is critical for the most effective response, according to the 2014 Importance of Senior Executive Involvement in Breach Response study by Ponemon.
- Risk and Response Planning: The organization uses risk assessment tools to identify vulnerabilities – and to build an Incident Response Plan. A formal plan can reduce the average cost of a breach.
- Compliance: The company stays up to date on the privacy laws that apply, whether confidential data is in digital form or on paper. Most states have laws that govern data breach notification, and there are renewed calls for federal breach legislation too.
- Data ‘Stewardship’: Experts today encourage organizations to go beyond compliance and to embrace data stewardship. This is about recognizing the long-term impact to a brand and the importance of consumer trust, said the 2015 Data Protection & Breach Readiness Guide from Online Trust Alliance.
- Training: A data breach checklist includes ongoing information security training that helps employees handle sensitive information better. The Ponemon breach response study showed that negligent and malicious insiders are considered the biggest security risks. Conduct breach simulations too.
- Transparency: Experts say transparency is a key aspect of stakeholder trust. On a day-to-day basis, that means being transparent about what data is collected and retained, how it is stored and for how long, and how committed the company is to security.
- Communications: For effective notification, a company takes responsibility and apologizes, advised the Online Trust Alliance. People who have been impacted by the breach are given clear options. The company explains the steps it is taking to help make sure this type of incident will not happen again.
- Data Minimization: Keeping only the information that is needed is a powerful element of preparedness, said a Kroll.com article. A comprehensive document management policy protects information from creation to disposal, both in handling and in IT protection. Partner with a document destruction company to purge and securely destroy data when it is no longer needed.
Use these helpful information security reminders for employees as part of your data breach checklist.