What to Do in Case of a Data Breach London
How to batten down the hatches after a data breach - is it possible to prevent further damage to your firm's reputation?
Data Provided by:
Provided By:
What to Do in Case of a Data Breach
In this fast-changing world of technology, data breaches are the headline grabbing equivalent of glamour girl and new singleton Katie Price.
But while Jordan might be a permanent fixture in the red tops - whether for falling out of a taxi, or a dress - she may not be aware that she is fighting for attention against some much less glamourous competition. In this case the loss of personal data, whether through negligence of criminal activity.
Large enterprises, institutions, and organisations rarely lurch around in high heels at the back of nightclubs, but they do suffer their own kinds of public disgrace. In fact, when it comes to creating red-faces, data breaches are the equivalent of home alone teenagers hosting Facebook parties: damaging, embarrassing, and with far-reaching knock on effects.
As an out-of-control party may only incur the wrath of neighbours and make holidaying mums and dads think twice about leaving teenagers home alone for a fortnight, so too can a data breach can also leave a firm wide open to shame, criticism, public scrutiny, and reputation damage.
This is the equivalent of discovering that your lazy stupid teenage son has destroyed your house and then being dragged on to the Jeremy Kyle show to discuss why it's all your fault.
Bad reputation
Firms that are exposed for their data management weaknesses will find their reputation damaged and will face anger and confusion amongst their customer employees and partners.
A study by the independent research organisation the Ponemon Institute found that almost two-thirds of all consumers had been victims or a data breach, while roughly the same amount had both modified and scaled-back on their online activities following such an incident.
How a firm reacts in the public eye is as important as the activities that it undertakes behind closed-doors. It is simply not enough to hold your hands up to the issue; firms have to explain what happened, what it means, and what affected parties should do about it.
The issue that losses are often not discovered until they have caused a problem underlines the fact that all firms should be prepared for what is becoming a very common threat.
Of course, organisations should do all that they can to mitigate the internal threat, and in a budget-constrained environment staff training is the most obvious place to start this.
Jay Heiser of the analyst firm Gartner said that firms should be prepared for data losses and should couple well-trained staff with sophisticated security and data control systems. "In short, staff does need to be better prepared to not take actions that will lead to potential data leaks," he said.
"The longer answer is that while most organizations have not yet reached the optimum levels of employee awareness, willingness, and ability, there is a limit to what is humanly possible," he added. "The most effective levels of control require a combination of human attention and security automation."
[pb/]Heiser said that employing such measures was the best way to avoid embarrassment and damage to consumer confidence adding that in general the fines dished out by data watchdogs were not, "large enough to be a motivator".
Can you protect against a breach?
Andrew Kellett, senior research analyst at the Butler Group agreed, and added that there was no sure-fire way to avoid data breaches and explaining that even the best protected and cautious firms were likely to fall victim.
"It was never just about deploying technology, people and process have an important role to play in the protection of corporate data and it is bringing the three together (people, process and technology) that helps organisations to put in place effective security initiatives," he said.
"There is no absolute way to avoid data losses, simply because there are so many vulnerability points and so much sensitive data that needs to be protected," he added.
"At the top level there is a need to take into account malicious activity, unacceptable but non-malicious misuse, and accidental loss. Remember even very good and well organised organisations do suffer data breaches. at the end of the day each business is responsible for protecting all the sensitive data that it chooses to hold."
There is no single way to protect against data breaches and indeed there is no magic bullet for putting customer concerns to rest.
However, there are measures that firms can take to make sure that their customers understand the implications of the data loss, and particularly what it means to them.
Put customers first
Most firms will do the bare minimum in public and will choose to either contact their customers individually or release a statement about the issue. For the end user, this will lead to a loss in confidence but also to panic worry and concern. Or as Heiser simply puts it: "They aren't very helpful to people at all".
Heiser suggested that rather than just supply a message, firms should provide a guide to the issue for their customers and inform them of precisely what happened, what the loss involves, how it affects them, and what they can do themselves to ensure that it does not become a much bigger problem.
As well as this, he explained that firms should draw up their own 'breach recovery plans', a set of instructions and guidelines specifically pitched at the employees who are authorised to deal with the issue and informing them of what activities to undertake.
He added that firms should "put it into place ahead of time," explaining that this would remove any risk of firms appearing to be floundering in the wake of a breach and would instead let them present themselves in a calm manner while they dealt with what is essentially a common and sadly, expected occurrence.
Kellet agreed, adding that that every well-publicised breach should serve as a wake-up call to firms and encouraged them to, "work hard to improve their processes and to ensure that policies are published and updated on a regular basis so that all employees know what their responsibilities are".
But while Jordan might be a permanent fixture in the red tops - whether for falling out of a taxi, or a dress - she may not be aware that she is fighting for attention against some much less glamourous competition. In this case the loss of personal data, whether through negligence of criminal activity.
Large enterprises, institutions, and organisations rarely lurch around in high heels at the back of nightclubs, but they do suffer their own kinds of public disgrace. In fact, when it comes to creating red-faces, data breaches are the equivalent of home alone teenagers hosting Facebook parties: damaging, embarrassing, and with far-reaching knock on effects.
As an out-of-control party may only incur the wrath of neighbours and make holidaying mums and dads think twice about leaving teenagers home alone for a fortnight, so too can a data breach can also leave a firm wide open to shame, criticism, public scrutiny, and reputation damage.
This is the equivalent of discovering that your lazy stupid teenage son has destroyed your house and then being dragged on to the Jeremy Kyle show to discuss why it's all your fault.
Bad reputation
Firms that are exposed for their data management weaknesses will find their reputation damaged and will face anger and confusion amongst their customer employees and partners.
A study by the independent research organisation the Ponemon Institute found that almost two-thirds of all consumers had been victims or a data breach, while roughly the same amount had both modified and scaled-back on their online activities following such an incident.
How a firm reacts in the public eye is as important as the activities that it undertakes behind closed-doors. It is simply not enough to hold your hands up to the issue; firms have to explain what happened, what it means, and what affected parties should do about it.
The issue that losses are often not discovered until they have caused a problem underlines the fact that all firms should be prepared for what is becoming a very common threat.
Of course, organisations should do all that they can to mitigate the internal threat, and in a budget-constrained environment staff training is the most obvious place to start this.
Jay Heiser of the analyst firm Gartner said that firms should be prepared for data losses and should couple well-trained staff with sophisticated security and data control systems. "In short, staff does need to be better prepared to not take actions that will lead to potential data leaks," he said.
"The longer answer is that while most organizations have not yet reached the optimum levels of employee awareness, willingness, and ability, there is a limit to what is humanly possible," he added. "The most effective levels of control require a combination of human attention and security automation."
[pb/]Heiser said that employing such measures was the best way to avoid embarrassment and damage to consumer confidence adding that in general the fines dished out by data watchdogs were not, "large enough to be a motivator".
Can you protect against a breach?
Andrew Kellett, senior research analyst at the Butler Group agreed, and added that there was no sure-fire way to avoid data breaches and explaining that even the best protected and cautious firms were likely to fall victim.
"It was never just about deploying technology, people and process have an important role to play in the protection of corporate data and it is bringing the three together (people, process and technology) that helps organisations to put in place effective security initiatives," he said.
"There is no absolute way to avoid data losses, simply because there are so many vulnerability points and so much sensitive data that needs to be protected," he added.
"At the top level there is a need to take into account malicious activity, unacceptable but non-malicious misuse, and accidental loss. Remember even very good and well organised organisations do suffer data breaches. at the end of the day each business is responsible for protecting all the sensitive data that it chooses to hold."
There is no single way to protect against data breaches and indeed there is no magic bullet for putting customer concerns to rest.
However, there are measures that firms can take to make sure that their customers understand the implications of the data loss, and particularly what it means to them.
Put customers first
Most firms will do the bare minimum in public and will choose to either contact their customers individually or release a statement about the issue. For the end user, this will lead to a loss in confidence but also to panic worry and concern. Or as Heiser simply puts it: "They aren't very helpful to people at all".
Heiser suggested that rather than just supply a message, firms should provide a guide to the issue for their customers and inform them of precisely what happened, what the loss involves, how it affects them, and what they can do themselves to ensure that it does not become a much bigger problem.
As well as this, he explained that firms should draw up their own 'breach recovery plans', a set of instructions and guidelines specifically pitched at the employees who are authorised to deal with the issue and informing them of what activities to undertake.
He added that firms should "put it into place ahead of time," explaining that this would remove any risk of firms appearing to be floundering in the wake of a breach and would instead let them present themselves in a calm manner while they dealt with what is essentially a common and sadly, expected occurrence.
Kellet agreed, adding that that every well-publicised breach should serve as a wake-up call to firms and encouraged them to, "work hard to improve their processes and to ensure that policies are published and updated on a regular basis so that all employees know what their responsibilities are".
Author: David Neal