What’s your company’s game plan for moving forward in 2015? Perhaps you intend to expand into new markets, or increase profit by improving efficiencies. Maybe you’ll be hiring to help fuel growth or enriching training programs to help cultivate employee productivity. Whatever your business goals for 2015, one vital move should be at the top of the list: updating your data breach response plan.
In 2014, 761 reported data breaches exposed more than 83.1 million records, according to the Identity Theft Resource Center. While more breaches occurred in 2014 than in the year before, fewer records were exposed. Still, there’s no arguing that the high visibility of incidents like the Sony hack – and its resulting fallout – has impacted the business environment.
With the likelihood of a breach being so high, and the associated costs so potentially devastating, it’s imperative that businesses of all sizes and across all industries enter 2015 with an effective data breach response plan. It’s especially important for small businesses to be prepared; the National Cyber Security Alliance states that many small businesses fail in the wake of a data breach, yet nearly half (47 percent) mistakenly believe a breach would have no impact on their business.
As you’re readying your business plans for 2015, be sure to take key steps to create a data breach response plan if you don’t already have one, and to update your existing plan. These steps should include:
- Review your exposure and existing response plan. Did events within your business or in the greater business environment during 2014 increase your risks of cyber-attack? How do you need to adjust your data breach response plan to address these new risks and those that might emerge in the future? If your business was breached in 2014, how well did your plan work? How can you improve its effectiveness in 2015?
- Establish who is steering your response. One Ponemon study found that companies that have a chief information security officer experience lower costs when a data breach occurs. While small businesses may not have the staff or wherewithal to appoint a dedicated CISO, they can – and must – establish who in their organization will be the leader driving their response when a breach occurs.
- Shore up a team approach. Larger organizations should have a clearly defined team that will handle all aspects of response and recovery when a breach occurs. For both larger organizations and small businesses, working with an outside organization – like Experian Data Breach Resolution – can help shore up any gaps in their team approach.
- Review and refine written cyber security policies. From company policies on BYOD, strong passwords and employee training to a data breach response plan that details the services your company will offer to consumers in the event a breach occurs, every organization should have a clearly defined suite of written policies to address every aspect of cyber security. Be sure yours are up to date, that they address current state and federal notification regulations, and are clearly communicated to all employees.