2015 marked heightened stakes in data breach response. Both the U.S. government’s Office of Personnel Management and the director of the CIA experienced attacks from hackers. While these attacks were geared specifically at government agencies, any company that collects sensitive data can be targeted by hackers and nation-state actors.
Sadly, there is no end in sight for the lifespan of the data breach. In fact, it has been predicted that by 2018, nearly 8 million people will experience a credit card breach in combination with identity fraud in the same year. Cyber criminals have become more sophisticated in their hacks, parlaying one into another. They have even crafted means by which they trick unsuspecting people into compromising corporate security. This solidifies the notion that a cyber-attack is almost inevitable for every organization.
Today, prepping for a cyber-attack should be as ingrained as a fire drill. Here are a few steps to properly prepare the event of a breach.
- Immediately assemble the breach response team. Be sure to include both internal experts and third-party partners (legal and communications experts).
- Review and update the plan. While a finely tuned plan is certainly an advantage over none at all, no data breach is exactly the same. So the first step to take in the event of an actual breach should be making needed changes to the documented plan. The guiding principle in a response plan should be to keep the focus on the customers.
- Launch the initial response. Be proactive in informing your customers and regulatory agencies about what has happened and how you intend to minimize and damage that results from the attack. One thing to remember: only release information that has been confirmed at the time. Avoiding the release of public information that may need to be corrected at some point will save you a major headache.
To read the entire article, please visit www.bankdirector.com.