Monday, 23 November 2015
Are You Prepared for a Data Breach? 5 Questions to Ask Yourself
Data breaches and security incidents can arise at any time, and when they do, organizations can be left crippled. Although companies don’t get advance warning before a data breach occurs, they can better equip themselves to respond quickly to such threats with some thoughtful advance planning.
The following are 5 questions to ask when preparing for a breach:
1) What would happen if our organization experienced a breach?
This should initiate a conversation about how your organization’s systems work, where your essential data and applications reside, who has access to them, and how they are currently safeguarded. Answering this question should also help determine which events or factors would put your organization at risk for a breach.
2) How quickly can we detect a data breach?
Early detection is important in preventing a breach! Case in point: cybercriminals infiltrated the systems of a leading financial institution, and it took the institution months to detect the intrusion. By then it was too late. An estimated 83 million customer records were compromised, making it the largest security breach in history.
We suggest shifting the perception of disaster recovery planning from an action item on your IT team’s whiteboard to a strategic initiative that has the full support of your C-suite.
Now is the time to get their suggestions on how to detect unusual events promptly without diverting them from other essential priorities.
3) How effective is our response plan?
Without regular DR testing, you will never know how effective your disaster recovery plan is, or even whether it is up to date. We recommend you revisit these plans every quarter.
4) Do we have effective prevention measures in place?
Regularly review your prevention measures to see if they are in sync with your business needs. Check whether these measures safeguard all of your critical data and applications, and whether they protect the right assets.
5) What role do our employees play in our security efforts?
You can invest in the most advanced technology to help detect and prevent breaches, but if your organization doesn’t promote a culture of security, then that technology loses its value. Companies should regularly educate their employees and help them understand more about security and the various measures they can take to prevent data breaches.
It is good practice to share examples of common tactics used by attackers and teach employees how to recognize various traps. Tell them how to avoid dangerous attachments, malicious links, and the like, and how to use portable devices such as storage devices safely.