Data breaches are becoming more common among even the most secure organizations. Just like most of us prepared for storms or fires in school by following a well-scripted plan, it is also prudent to prepare for the storm that will likely occur if data is breached from a business. Even a small business can take some simple steps to prepare for a data breach. 

An important step to preparing for a data breach is to know the facts about the organizations data. Important facts that should be known and readily accessible are:

  1. What are the types of data that the business holds
  2. How does the business classify its data
  3. Where are the various places that the data is stored

Understanding the types, locations, and classifications for data will help a business to address its plan. Further steps to prepare for a breach are to create, implement, and manage an information security policy. Even if a business has a well drafted policy, it should consider the following:

  1. How is the policy communicated to its employees
  2. How are employees trained on the policy
  3. How does the business ensure that the policy is enforced 

It is important to go a step further and draft an incident response policy. As a business’s own IT staff will admit, no system is completely secure. So having a checklist readily available during the crisis of a data breach will at least allow a business to take the appropriate action as soon as possible. 

In addition to a business’s plan to implement prudent security, it can be helpful to employ the assistance of legal counsel experienced in preparing businesses for data a breach in order mitigate the potential legal and financial problems that may result from such a crisis.