As a full-time security analyst, I’ve been explaining a lot lately to people about data breaches, since data breaches, more than ever before, are making headline news. But how do data breaches happen in the first place?
Here’s four chief ways how data breaches happen:
1. Illegal access to information or systems. PII data can be illegally accessed via technology such as computer hacking or infecting computers with viruses, Trojans or worms-leading to stolen data or malfunctioning systems.
2. An inside job. Employees (past or present) can commit data breaches. Also, an innocent employee is tricked by social engineering into revealing confidential information or giving out access to that information.
3. Judgment lapse. An employee may leave data unprotected-not on purpose, but due to an oversight, making it easy prey for villains.
4. Device loss. When a device that contains valuable data is lost or misplaced, a thief could get ahold of it-and then all hell can break loose.
Don’t wait for a breach to figure out a plan of action. Have the plan in place in anticipation of an attack. The plan should be built around written emergency contacts, clear guidelines to which law enforcement outfits should be contacted for resolution, and a notification time-frame.
Put in place vendor contracts that have a call center unless the company’s staff can handle a big data breach. The contracts should also include a mail-house for letters of notification, and previously agreed rates pertaining to consumer fraud protection should the business need to notify clients or customers.
When a breach occurs, consult with legal counsel, always. In addition, there are certain actions you must take. First, find out how the breach occurred, then contain it. Get a solution started to prevent it from striking again. Alert relevant employees.
Also notify external entities in a timely fashion such as law enforcement, a forensics investigator, consumers, FTC and any affected vendors and suppliers.
- A strong prevention strategy for data breaching depends upon top management, to ensure that the company’s budget covers fiscal and personnel resources.
- From the get-go, the company’s most high-up individuals should be included in devising any plans to protect against and mitigate data breaches.
- Getting upper management involved is critical for establishing a solid groundwork for security.
- Keeping up to date and re-evaluations should be carried out on an ongoing basis to always stay on top of the latest trends in data breach and security technologies.
- Also ongoing should be training and practice of the company’s response plan to data breaching.