Creating an Incident Response Plan
Taking steps to protect personal information in your files and on your computer can go a long way toward preventing a security breach. Nevertheless, breaches can happen. That’s why it’s important for companies to have an incident response plan in place to deal with security incidents before they occur. Putting together a “What if?” action strategy now may help reduce the impact an information breach can have on your business, your employees, and your customers.
Here are some tips about customizing your company’s incident response plan.
- Senior management sets the tone for any organization’s commitment to data security. That’s why drafting, coordinating, and implementing your company’s response plan isn’t a job for a newcomer. Designate a well-respected senior executive to head up your response team. Select someone with a reputation for working well with every part of your operation — sales, financial, personnel, information technology.
- Once you’ve put together your response team, have them draft contingency plans for how your business will respond to different kinds of security incidents. Some threats may come out of left field; others — a lost laptop or a rootkit attack, to name just two — are unfortunate, but foreseeable.
- Experience sharpens intuition. If your staff suspects a breach, investigate it immediately.
- If you suspect a computer breach, immediately sever the compromised computer’s access to the Internet and to your network. To assess the impact, ask your IT staff to preserve any available network logs, file transfer logs, system logs, and access reports. Investigate whether intruders opened files or placed new programs on your computer. Did they release viruses or other malware? By diagnosing the damage and retracing the fraudsters’ steps, you can help your company shore up unanticipated vulnerabilities.
- Consider whom to inform in the event of an incident, both inside and outside your company. You may need to notify consumers, law enforcement agencies, customers, credit bureaus, and other businesses that may be affected by the breach. In addition, about 40 states have laws addressing data breaches. Have that information on file before you need it.
