Data breaches are becoming more common among even the most secure organizations. Just like most of us prepared for storms or fires in school by following a well-scripted plan, it is also prudent to prepare for the storm that will likely occur if data is breached from a business. Even a small business can take some simple steps to prepare for a data breach.
An important step to preparing for a data breach is to know the facts about the organizations data. Important facts that should be known and readily accessible are:
- What are the types of data that the business holds
- How does the business classify its data
- Where are the various places that the data is stored
Understanding the types, locations, and classifications for data will help a business to address its plan. Further steps to prepare for a breach are to create, implement, and manage an information security policy. Even if a business has a well drafted policy, it should consider the following:
- How is the policy communicated to its employees
- How are employees trained on the policy
- How does the business ensure that the policy is enforced
It is important to go a step further and draft an incident response policy. As a business’s own IT staff will admit, no system is completely secure. So having a checklist readily available during the crisis of a data breach will at least allow a business to take the appropriate action as soon as possible.
In addition to a business’s plan to implement prudent security, it can be helpful to employ the assistance of legal counsel experienced in preparing businesses for data a breach in order mitigate the potential legal and financial problems that may result from such a crisis.