LivingSocial, Evernote, Target. These names probably have you thinking data breach. These were a few of the big ones from 2013. Not only did data breaches cost these companies millions of dollars, they also did damage to their reputations. Companies are attacked on average of two million times per week, and hackers don’t discriminate based on size, industry or location.
It’s time to prepare for security incidents and data breaches.
Think of the money
Data breaches can be costly; the average successful attack costs the company $300K. Being prepared for a breach will save an organization a lot of money. Consider getting a cyber-insurance policy that will protect your company financially should a breach cut into your funds. A recent Ponemon study found that one third of companies have already invested in cyber-insurance, an industry expected to boom in the coming year. This trend shows that it might be time to think beyond technological protection.
Also, be fully prepared to deal with customers should a breach occur. Managing customer concerns will help you reassure existing customers and help you keep them as customers. The more quickly and efficiently you deal with a breach, the less it will cost you in dollars and reputation. Dealing with customer communications should be part of your incident response team’s responsibilities.
A trained team already in place will mean you can deal with the incident quickly, reducing the potential cost of the breach.
Create your incident response team
We can’t stress this one enough, a strong incident response team needs to be in place before the breach occurs. Creating this team requires an investment of time and talent, but doing so will save you money and worry in the long run. For most companies, it’s not a matter of if they will be breached, but when. When that data breach happens, it’s probably going to be the first time you’ve been breached. You will need people in place who already know how to handle the situation. After a breach is not the time to be learning about who needs to be contacted and what needs to be said. Advance work by an reliable team is what we mean by preparation.
When breaches happen, they affect many people. You aren’t in this alone, and there’s no reason you should try to battle it alone. Build outside partnerships with organizations or people who will be able to help you communicate, educate or even provide you services in the case of a data breach. Local municipalities may even be interested in getting involved; in many states they already are.
The more information lost in a breach, the bigger the problem. Minimize your risk by minimizing the amount of data you collect and store. Taking a few simple steps will help ensure that your organization isn’t going to be responsible for stolen data that it didn’t even need in the first place:
- Only collect the information you need
- Keep the number of places you store data to a necessary minimum
- Only give access to data to employees who need access
- Purge data once the need for it has expired
Protecting your data is important; a lot is at stake from financial loss to a loss of reputation. We hear a lot about the big companies who suffer breaches, but data breaches can happen to anyone. Expect it will happen to you in 2014 and prepare for it now.