Breaches are unavoidable, but damage can be mitigated
We’ve all heard about data breaches over recent months at credit card companies and retailers such as Capital One and, in some cases, even in state and federal information and communications systems.
There is no doubt these situations are disastrous for the organizations involved, for reasons no business wants to experience. The thought of diminishing the goodwill of customers and consumers, possibly millions of dollars in lawsuits to compensate customer losses, and even potential damage to internal systems if the breach is the result of some virus or malware is bound to keep anyone up at night.
The best approach to avoid experiencing a data breach is prevention. However, as we saw with Capital One’s recent breach, a determined and sophisticated hacker may be able to devise a few lines of code, hide them in a legitimate data download and then execute the code to rummage through the files in use, copy the data and — depending on the type of information — sell it.
When working with high volumes of data, establishing an Incident Response Team (IRT) is a first line of defense in identifying a breach incident. This group should be trained in relevant systems and aware of all the legal and contractual regulations associated with them. From there, the next step in prevention is creating a data breach and risk mitigation plan. Implementing a formal risk management plan that includes regular risk assessments and identifies potential gaps is critical today.
There are several elements that should be part of the breach prevention plan.
Identify risk. This involves understanding the resources involved in your operations, the related risks to your IT functions and how to assess every situation, including asset management, risk assessment and having a risk management strategy for the overall business environment.
Protect the data. A plan needs to be in place for controlling access to systems and data. This includes employee training, data security, information protection processes and procedures, maintenance and protective technology. For example, limit access to only the staff members who need to see customer data, or only designated segments of it, and use password systems that are rigorously tracked and updated as an employee’s status changes.
Detect potential breaches. To avoid any surprises, develop documented monitoring systems specific to where and how your data is stored and utilized, and explore methods to alert you if the information has been accessed without authorization.
React appropriately to any breach. If breaches do occur, manage them as quickly and efficiently as possible to contain their impact and minimize any damage they might cause. This includes being prepared with communications for your organization and clients. Your IRT will need to do a careful and meticulous analysis of what happened and how it occurred, and use this information to improve security in the future.
Take post-incident action. Once the breach has been identified and all necessary notifications made, it’s best for the IRT to check all the affected systems and to determine the root entry point of the breach. How were systems accessed? Are any security patches or access points faulty? Did you install any new equipment? If so, was it properly configured, along with your existing equipment? Were your standing security procedures violated? Was an employee at fault, deliberately or otherwise? Based on the answers to these questions, you may need to take disciplinary or legal action where applicable, implement all necessary steps to prevent a recurrence, and update security policies and procedures as necessary.
No one wants a data breach to occur. The best you can do to avoid them is to have these types of security measures in place. It is important for everyone in business today to stay alert to new threats and security innovations and to regularly review and monitor your internal systems.