BreachExchange mailing list archives
Data Breach Planning 101
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 12 Aug 2014 20:02:16 -0600
http://www.atmmarketplace.com/blogs/data-breach-planning-101/

A security system that’s impenetrable has yet to be invented. What's more, an amazing number of businesses don’t have the best security system available, anyway. So, don’t think in terms of “if” you’ll suffer a data breach, but rather, “when.”

Once you establish this mindset, you'll know that it's time to develop a response plan. For starters, a response plan should include as much information about the incident as possible, maintaining transparency (consult your legal team about the types of information that should and should not be disclosed) and aggressively managing the circumstances.

Another area to consider when developing a response plan is how the data breach will affect customers and clients — namely, their trust in the company. The Ponemon Institute has said that much of the damage from a data breach stems from the loss of customer trust in the company. Though the average number of customers who vanish following a data breach sits at about 4 percent, some enterprises see an average customer churn rate of 7 percent, according to Ponemon. While this might seem like a small percentage, it undoubtedly will be noticed when it comes to the bottom line.

So how can a company prepare to retain as many customers as possible following a data breach? By being prepared, including advance preparations to keep breach management levelheaded. One way to stay cool and collected is to avoid jumping the gun when the breach occurs, because if the business is too hasty at revealing the problem, the organization will have that much less time to respond in an efficient, optimal manner. This means taking the time to consult with experts and gather all of the facts before reacting.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/