In an increasingly cloud-based world, our data security needs to be stronger than ever. No matter how rigorous the preparation, 100% protection is not possible (and claiming otherwise will discredit your company). For a company's management of data, there are three fields of thought: those who have been hacked, those who will be hacked, and those who deny the possibility.
Plan for the inevitable. Aside from speeding up resolution of the breach, having a response plan is also incredibly important for liability. Having a process in place is crucial for post-breach litigation, response to government investigation, and management of media inquiries and public opinion. While you should make every effort to avoid a data leak, there are also some important tools you should have at the ready:
- Knowledge of law enforcement – Resolution of your data breach will likely involve law enforcement. Knowing who will help you and what information they’ll need will keep you prepared for the worst-case scenario.
- Relationship with media outlets – The news of your data breach will get out. It will look a lot better if you’re the one who breaks the news, and having a point of contact to help you do that will be a huge benefit. Be sure to identify that contact before the breach occurs and maintain that relationship over time.
- Education for your Board of Directors – While data breaches may have - at one time - been a low-level IT problem, that time is long past. Make sure your Board understands this, as the public is beginning to hold Boards accountable for data breaches.
- An insurance plan – Did you know your liability coverage may not cover data breaches? Make sure your insurance plan provides coverage, and if it doesn’t…get one that does.
- Customer notification statement – Not only is notifying your customers the law in 49 states (with a host of international rules and regulations to boot), it’s just best practice. Reaching out to your media contact is a start, but personally reaching out to your customers is essential.
Dealing with data leaks isn’t easy, but it doesn’t have to be a catastrophe. With enough preparation, you’ll move on with better security and stronger customer relations.