When a Corporate Data Breach Happens: Critical Next Steps for 2019

Corporate Breach Response

What if my Business is Next?

Regardless of cybersecurity proficiency, no organization is safe from data breaches. That’s why it’s critical that every business develops and documents an Incident Response Plan. Your response plan will outline the steps your organization should take if you suspect data has been compromised. The quicker your business follows the plan, the better positioned you will be to mitigate the impact the data loss will have on your business.

According to the 2018 IBM Cyber Resilience study, 77% of businesses worldwide do not have an incident response plan applied consistently across their organization.

Reviewing recent 2018 breaches, you’ll begin to realize that even corporations such as Marriott, Amazon, USPS, Google+ and Facebook are susceptible to cybercrime. If fraudsters can infiltrate these large enterprises, imagine what they can do to small and medium-sized businesses (SMBs). It’s only a matter of time, and the time to prepare your organization is now.

Building Your Breach Response Team

It is critical that key personnel are trained and understand their responsibilities to effectively respond when a security breach occurs. By identifying and containing a breach you can save yourself a lot of money. Establishing an incident response team reduces the cost of a data breach by as much as $14 per compromised record.

When developing a data breach response plan, it is crucial that activities across teams are coordinated diligently to reduce the chances for unintentional errors.

IT and Security personnel should be continuously assessing your company’s data security gaps and training on how to detect vulnerabilities and apply necessary security measures. They are also the first responders for the containment and remediation of a breach. According to the 2018 Cost of a Data Breach Study by Ponemon, companies that identified a breach in less than 100 days saved more than $1 million compared to those that took over 100 days. Depending on the severity of the breach, a Legal Team may need to work alongside IT to identify legal obligations and provide advice.

Human Resources will serve as the frontline for communicating with employees, especially if their personal information was breached. They may also help equip employees with resources and best practices for further protecting themselves and their families (both before and after a reported security incident).

The Communications Team is accountable for notifying those impacted, as well as the press. They must work hand-in-hand with the Legal Team to make sure communications are timely and accurate, which can help to minimize the possibility of government-imposed fines from regulations such as GDPR and PIPEDA.

Developing a Breach Communications Plan

As a reputable business, you are responsible for notifying law enforcement, other affected businesses, partners, employees and customers of the potential information disclosed. Post-breach communications may include explaining how the incident occurred, what information was compromised, what actions have been taken to remedy the situation, and how your business intends to protect affected individuals. Your employees and customers will respond with questions, so be prepared with answers, such as a formal Q&A document. In addition, be prepared for inquiries to surface via phone calls, e-mails, social media, and the press. Keep your communication honest and timely, as this will help you maintain strong relationships with your customers.

State and federal laws dictate the notification requirements for your business. Some states require immediate notification while others allow up to a 90-day grace period. The chances of litigation and fines diminish as your business familiarizes itself with these requirements. Being timely with your notification also demonstrates honesty, helping protect your business’s reputation and avoid customer turnover.

Training and Awareness

For your Incident Response Strategy to be effective, employees should periodically practice with simulated breaches. If an event does occur, response team members should be familiar with the processes within the plan and ready to jump into action. When executing your plan, keep a keen eye on potential roadblocks and make improvements to the framework with every rehearsal. By making your Data Breach Response Plan a routine, you can help your organization be better prepared for an actual breach.

Proactive Tips for Businesses in Today’s Breach Environment

Be Prepared: Don’t wait until a breach occurs to create your Response Plan.

Protect Your Employees, Customers, and Partners: Arm your business with identity protection tools as an added layer of defense.

Practice Makes Perfect: When a breach occurs, it should not be the first time personnel are going through your business’ Incident Response Plan.


Three External Scams Targeting Your Small Business

Small Business Owner Concerned About Scam

Businesses Beware

Scammers are getting more sophisticated and are constantly evolving to avoid detection. And, within small businesses themselves, there are internal issues that may lead to a higher risk of further external scams. For example, small and mid-sized businesses (SMBs), which often lack a proper system of checks and balances, are especially appealing to fraudsters. In a report released in April 2018 by the Association of Certified Fraud Examiners, scams within businesses with fewer than 100 employees led to the following:

  • Median losses of $850,000 – this was due to fraud committed by an owner or executive within the small business, further emphasizing the need for checks and balances.
  • Check and payment tampering was nearly three times more likely at a small business than a larger one (22% to 8%). Other frauds much more common at small businesses included skimming (20% vs. 8%) and payroll (13% to 5%).

Cybersecurity Best Practices – In & Out of the Office

National Cybersecurity Awareness Month: A Year-Long Effort

October is National Cybersecurity Awareness Month – a time that is dedicated to showcasing how to stay safe online by providing insight and best practices on how to protect Personally Identifiable Information (PII), financial and sensitive proprietary data.

The need for proper cybersecurity within the workplace should be a continuous effort throughout the year. With small businesses feeling the brunt of data breach events, many of which are caused by cyberattacks or other security vulnerabilities, a proactive attitude toward cybersecurity risks in the workplace is now more important than ever.

Your employees are ultimately your first line of defense against potential data breaches, and they can make or break your overall business security. However, employees may not realize that protecting business information also means protecting their personal information, too.

Risky Business: The Hidden Costs & Impact of Business Data Breaches

Data Breaches Become Business-As-Usual

With the volume and velocity of data breaches increasing year-over-year, it’s safe to say no business is safe. Now is the time to be prepared for the myriad threats to the personally identifiable information (PII) that your business holds on employees, customers, partners and vendors – essentially all of the data that runs the business.

Data breaches are often not easily contained (Equifax) nor can their impact be viewed as trivial. Let’s take a closer look at the impact of today’s data breaches upon businesses of all sizes.
