If you have any questions about our resources or any topics related to Experian Data Breach Resolution, please contact us at firstname.lastname@example.org or call 1 866 751 1323.
Are global data breaches off your radar? Well, they really shouldn’t be off anyone’s radar screen. The truth is even small firms that sell products online can be victims if one of their customers live abroad.
Statistics show that global breaches are increasing rapidly. There were 2,644 worldwide breaches reported in 2012 – more than double the number reported in 2011.1 And as Big Data continues to grow, along with the use of cloud storage, global breaches will grow too.
Now, more than ever, it’s essential for organizations to prepare for an international incident. Experian® Data Breach Resolution, which has responded to more than 500 international breaches, knows firsthand the complexities of handling incidents in different parts of the world. We know these incidents involve different languages, different notification laws and most importantly, different cultures. As a result, we recommend the following five tips to prepare for a global breach.
1) Create an International Breach Response Plan
An updated response plan can save a business nearly 25 percent per record, according to the Ponemon Institute, and at that rate, a company can save $1.2 million per breach.2 A global breach response plan needs to include an internal response team, external consultants and the steps that need to be taken to investigate, mitigate and respond to the breach.
2) Engage Outside Legal Counsel, PR and Call Centers
When working in a foreign country, it may be crucial to hire an attorney who is familiar with local breach notification laws or guidelines, understands the political climate surrounding privacy issues, and is familiar with current or proposed legislation. In addition, pre-negotiating legal arrangements can help you have an attorney readily available.
Companies should also engage a local PR consultant and call centers. A local PR partner may have a better feel for how much information to release and when to release it and local call centers can hire people who speak the native language and can relate better to their fellow citizens. These consultants can be secured ahead of time so you don’t have to scramble in the middle of a crisis to find them.
3) Is the CEO on Board?
At the heart of every incident response plan is the team that implements it. The team should consist of a lead, senior management, compliance, privacy, IT security, legal counsel (internal or external), risk management, PR (internal or external), human resources, customer service or patient relations. Other outside consultants usually include forensics investigators and breach resolution providers. But perhaps the most important person to have involved is the Chief Executive Officer. This is the leader of the organization and without his or her consent, not much can be accomplished.
4) Practice Makes Perfect
A breach response plan needs to be practiced to see if it works and to see if it needs improvement. A company’s response team may also have to be updated as people come and go from the organization. It should include a contact list of external partners as well.
5) Walk in Your Consumers’ Shoes
One aspect of breach preparation and response that’s the same regardless of location is to remember your clients, patients or employees. Think of them when preparing for a breach and if an incident occurs, try to walk in their shoes. Think about how they feel and how you can rebuild their trust. Provide an identity protection product with credit monitoring to ease their fears of becoming a victim and be honest in your notification letters, emails, website and at your call centers.
Prepare for the Worst So You Can Respond at Your Best
When all is said and done, preparing for an international breach is similar to preparing for a natural disaster. You should brace for the worst and protect your most valuable asset – your consumers – and their trust in your organization.
12012 Data Breach QuickView Report, Open Security Foundation and Risk Based Security, Inc., February, 2013
2 “2013 Cost of a Data Breach Study: Global Analysis,”Ponemon Institute, 2013. The $1.2 million savings was calculated by multiplying $42 per breached record X 28,765 records = $1,208,130 rounded off to $1.2 million. The $42 per record and the 28,765 records were taken from the “2013 Cost of a Data Breach Study: Global Analysis.”