As life becomes more digital – for individuals and for businesses – the possibility of a data breach gets more and more real. From cyberattacks on Yahoo! user data to recent stories of overseas hacking of the U.S. government, it seems like no person or organization is safe these days.
So if a data breach happens at your company, what would you do? Are you prepared for the worst-case scenario, like exposure of your employee data? Most companies aren’t. But with the help of the Federal Trade Commission (FTC), you can be better equipped for handling a data crisis. A recent article on the CBIA website shared that the FTC has published a data breach response guide for businesses. Here’s a look at highlights from Data Breach Response: A Guide to Business.
Data Protection Tips for Employers
Here are some tips a business should follow if it experiences a data breach.
- Once a breach happens, preventing the loss of even more data is critical. Secure a team of experts that can help prevent another breach. Depending on the type of business and the type of breach that’s occurred, you may need the help of data forensics experts, legal contacts, HR, IT and operations teams, investor relations and, of course, management.
- Secure physical areas that were affected by the breach. Work closely with your team to determine when regular operations can continue.
- Take affected machines and equipment offline. Change credentials, passwords and access codes as needed.
- Address all vulnerabilities that may be connected to other parties you work with, such as your network service providers.
- If your company had a network segmentation plan in place, work with your data breach team to determine if the plan helped contain the breach.
- Establish a communications plan that ensures your message about the breach reaches all your critical audiences – employees, business partners, investors, stakeholders, customers. Be upfront and clear about the situation – it will help prevent ongoing questions and confusion in the long run.
- Most states have legislation requiring an official notification if a security breach of personal information occurs. Check your state and federal laws for specific requirements you may need to take action on.
- Determine who at your company will serve as the primary point of contact for sharing information about the data breach and for handling inquiries that come into the company about it.
The complete data breach response guide can be found here. You can also access several FTC videos about privacy and security here.