BreachExchange mailing list archives

Data Breach Planning 101


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 12 Aug 2014 20:02:16 -0600

http://www.atmmarketplace.com/blogs/data-breach-planning-101/

A security system that’s impenetrable has yet to be invented. What's more,
an amazing number of businesses don’t have the best security system
available, anyway.

So, don’t think in terms of “if” you’ll suffer a data breach, but rather,
“when.” Once you establish this mindset, you'll know that it's time to
develop a response plan.

For starters, a response plan should include as much information about the
incident as possible, maintaining transparency (consult your legal team
about the types of information that should and should not be disclosed) and
aggressively managing the circumstances.

Another area to consider when developing a response plan is how the data
breach will affect customers and clients — namely, their trust in the
company. The Ponemon Institute has said that much of the damage from a data
breach stems from the loss of customer trust in the company.

Though the average number of customers who vanish following a data breach
sits at about 4 percent, some enterprises see an average customer churn
rate of 7 percent, according to Ponemon.

While this might seem like a small percentage, it undoubtedly will be
noticed when it comes to the bottom line.

So how can a company prepare to retain as many customers as possible
following a data breach? By being prepared, including advance preparations
to keep breach management levelheaded.

One way to stay cool and collected is to avoid jumping the gun when the
breach occurs, because if the business is too hasty at revealing the
problem, the organization will have that much less time to respond in an
efficient, optimal manner. This means taking the time to consult with
experts and gather all of the facts before reacting.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
