September 03, 2024
Planning for a data breach is actually a great strategy for preventing data breaches in the first place.
The likelihood that a company will be faced with a security incident gets higher every year. In a 2016 Ponemon study, 52% of companies experienced one breach during the year, and 66% reported multiple breaches.
A data breach occurs when unauthorised individuals gain access to sensitive, confidential, or protected information. This can result in the theft of personal data, financial loss, and significant damage to an organisation’s reputation.
Data breaches often happen due to weak security measures, phishing attacks, or insider threats. Implementing robust security protocols and employee training can help mitigate the risk of such breaches.
Every company should have a data breach response team, made up of department representatives, IT and other first responders, legal counsel, media-savvy spokespeople, and senior executives. The Ponemon study reported that 57% of respondents said their company’s C-suite was not part of the team.
Identify all the data (on hand and being collected on an ongoing basis) that is confidential and why (e.g. data protection law compliance).
A comprehensive Document Management Policy provides a formal process that helps protect documents from creation to destruction.
For example, all files, whether digital or paper, are labelled by their contents and by how long the information needs to be kept. This kind of data retention process will also eliminate unnecessary data as soon as possible.
Visibility into end-user access of sensitive and confidential information is critical. Implement access controls so that only those employees who need the data to do their jobs have access.
For computer devices, use the most current versions of firewalls, anti-virus software, applications and operating systems with automatic security patching, along with complex passwords and multi-factor authentication. Implement a Clean Desk Policy and provide lockable desks, cabinets and other storage for paper documents and legacy hard drives. A culture of security and ongoing employee training will support data security best practices.
Protect data in transit. Teach employees to guard confidential information – not to leave it exposed in public places or visible in their cars. Encrypt data, do not use public Wi-Fi, and lock mobile devices.
While 86% of respondents in the Ponemon study said their organisations have a data breach notification plan, only 24% have a procedure for keeping the plan current. But there are always new risks. For example, ransomware is currently a huge issue, yet 45% of respondents say they are not taking any of the steps listed to prepare for a possible ransomware attack.
Conduct due diligence on all third-party service providers. Third parties and business partners have been identified as a significant risk when it comes to breaches.
Partner with a trustworthy document destruction company that provides secure destruction services for paper and digital data. There should be a secure chain of custody with trained security professionals, on- or off-site information destruction, and a Certificate of Destruction issued after each service.
Knowing these 5 key areas of office fraud is another way to help reduce the risk of a data breach.
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and data security survey.