Data Breach – Having a Plan
In a perfect world, where human error and malicious intent did not exist, we would not need to be prepared for a data breach. However, the fact is that most business will have some sort of “data-loss” incident that will warrant the use of data breach protocols. Remember – in today’s electronic world a lost USB drive, misplaced cell phone or a stolen laptop can account for a significant data breach.
It makes good business sense to have a data breach plan in place for when this occurs. Here are a few items to include in your plan.
- What data is out there, who has access to it, and how do they access it?
- What are the regulatory requirements that govern this information (include federal, state and industry specific)?
Who is the person in the company that is notified if a breach occurs?
- When is that person contacted? What warrants a breach?
- Start looking at your Data Protection Plan – where are you vulnerable? How are your back-up tapes, drives or online backups secured? Do you require passwords and/or encryption on mobile devices?