This article was also published by APSCo. To read the article on their website please click here.
With cyber security dominating the headlines over the last seven days, Partner and data theft expert Hugo Plowman has put together five things businesses can do to protect their business before a data breach occurs and if a breach takes place.
Hugo commented: "A crisis can feed paranoia and uncertainty. Yet basic alert mechanisms and security measures can help businesses to investigate a data breach quickly and accurately, before responding decisively to an incident if it does happen."
BEFORE A DATA BREACH
- Introduce the correct management structure and clearly define responsibilities. Create a crisis response team and train them regularly in how to respond to a breach.
- Recognise and register legal rights: make sure you have identified and taken steps to protect valuable data.
- Ensure compliance with regulatory obligations, including having adequate software and systems in place to protect your data.
- Introduce watertight contractual arrangements, cyber security policies and procedures then raise awareness about them and train your staff on how to implement them.
- Ensure your insurance policies give you the right cover. If you have concerns, it is within your rights to challenge your broker: this is still an emerging space.
AFTER A DATA BREACH
- Move quickly: you need to investigate who is behind the breach, how they have got in, what has been taken, when it happened and why.
- Contact your insurer and confirm your responsibilities in terms of appointing experts to contain, track and recover lost data.
- Decide who you need to notify and what they need to know - the Information Commissioner and other regulatory bodies may be expecting your call.
- Communicate with your customers, shareholders and staff: reputations take a long time to build and can be damaged in no time at all.
- Take legal action to recover your data and prevent its misuse.
If you have any questions about your business and its cyber security needs, please contact: