7 Components of a Business Data Breach Defense Plan

Data Breach Defense Plan

Most businesses have confidential information stored, such as client or employee addresses, phone numbers, social security numbers, dates of birth or credit card information. A data breach could result in theft of client or employee confidential information. Individuals, known as hackers, may try to gain unauthorized access to private business or client data. The unauthorized intrusion could result in the viewing or stealing of confidential data. It is important that businesses have a data breach defense plan ready to take quick action.

Components Included In A Business Data Breach Defense Plan

  1. Appoint a Breach Response Team: One person from each department should be assigned to the response team. Be sure to include management leaders, security personnel, human resources, IT staff, customer service and public relations representatives on the breach response team. The breach response team leader should be in charge of coordinating the company’s response efforts. List names and contact information for each person appointed to the breach response team in the defense plan.
  2. Include Vital Tasks: All tasks vital to investigating the breach, steps to assess breach and public relations steps should be documented in the defense plan. The defense plan should be updated frequently.
  3. Journal for Documentation: A journal should be designated to document the date and time the breach is detected. Other details of the investigation may be noted in the journal as well. The journal is an important component of the data breach defense plan.
  4. Establish Relationship with External Sources: The breach response team should develop a relationship with law enforcement officials in advance of a breach. A relationship should also be established with a breach resolution vendor and an identity theft protection service. The names and contact information of law enforcement officials, breach resolution vendor selected and identity theft protection service should be included in the plan.
  5. Train and Update Staff: All staff should be trained on breach protocol. Staff should be aware of breach response team members and informed to call the team leader if an incident occurs. Members of the data breach response team should be assigned to train the staff. The staff should have access to copies of the data breach defense plan.
  6. Public Statement: A public relations response team member should prepare a statement in conjunction with top management leaders, the data breach resolution vendor and a representative from the identity theft protection service. The statement should include details of how clients or employees impacted by the breach will be contacted. The statement should be broadcast on a local news station. A sample public statement should be included in the defense plan.
  7. Notify Persons Affected: Notify persons affected by the data breach. Identity theft protection should be offered to each client or employee impacted by the data breach. The company should be prepared to respond to inquiries concerning the data breach. List details of the identity theft protection offer and sample notification letters in the defense plan.

* Photo courtesy of RT@Forbes Tech Symantec Voice: What Businesses Should Know About the FTC and Data Breaches by Humans Development at Flickr’s Creative Commons

Recommended Posts | Network Management

 Data Centers

The 6 Issues That Will Shape Data Centers

As organizations start to evaluate business plans for their data centers it brings many changes. Companies are align IT objectives with company's overall business goals. Therefore, IT teams, data center policies, and external service providers will have a new role in the company’s business structure ...
Software Defined Networking (SDN)

An Overview of Software Defined Networking (SDN)

Software-defined networking (SDN) is a recent revolutionary concept, which aims to optimise a network's functioning and dramatically improve its efficiency. This is a kind of umbrella term, which covers several different types of network technology, all with the goal of making a network ...
Network Doing Today

What's Your Network Doing Today?

Do you know what is happening on your network at any given moment? Do you have any idea how your servers, workstations, printers, and switches are performing? If your answer is no, then it's time you find out! RMM (Remote Monitoring and Management) software provides insight into a multitude ...
Security Secrets

6 Computer Security Secrets That Experts Wish You Knew

You may frequently hear about security defects, viruses and malicious gangs of hackers who could leave you indigent and bring your company to its knees. But what are the underlying facts about these digital dangers? Few computer security specialists have tried to differentiate between myths & facts ...