How can you prepare for a data breach?
Whilst you wouldn’t want to think your business was open to a security issue, if you prepare for a data breach, you will know exactly how to respond.
It’s statistically inevitable that at some point your business will suffer from either a cyber-attack, employee security breach or loss of physical data.
The Risk
Major data breaches such as the Facebook Cambridge Analytica incident highlights that even the largest of organisations are open to compromising the personal data of their customers. But it isn’t just larger companies that are targeted by data hackers. Any business, however small is at risk from a threat via phishing emails or a security weakness within your IT system.
Take charge
Whatever the size of your business, ensure you appoint someone to oversee data protection. This person will be the one responsible for reporting a breach to the ICO within 72 hours of the event occurring. Data handling needn’t be a daunting task. Much of it is common sense and about educating staff on how to handle, store and dispose of all mediums of data.
Planning ahead
One major way you can prepare for a data breach is to write an incident response plan. This should include how to react, the key people who need to be informed, and how to advise customers or the public of the occurrence. When creating the plan, think worst case scenario. The plan could take the form of a risk assessment to identify gaps in data flows and where sensitive data could leak. Remember to test out your plan, evaluate it periodically and train your employees on how to react.
What can you do to help prevent a breach?
Whilst you are unlikely to be able to completely prevent it, consider these steps to prepare for a data breach and minimise the chances of it happening:
- Conduct regular staff training on how to handle suspicious emails
- Educate on how to handle, store and dispose of confidential paper documentation, eg using a secure shredding facility
- Ensure you have a robust email system that regularly scans for suspicious activity
- Dispose of all IT equipment (including hard drives) correctly by using a shredding service
Protecting against phishing
Phishing emails can prove disastrous to a business. These malicious emails are designed to trick you into giving personal or business information via fake websites. Many emails are very convincing. Being vigilant as to where the email has come from and the type of information it is requesting may help protect against a breach. Legitimate organisations will never email you and request your personal details. If you are unsure, then delete the email and contact the organisation directly. Be aware that at certain times of year such as Christmas, these emails become more common. You should also be aware of the risks using an unsecure WiFi connection in coffee shops or public transport. If in doubt, use 4G to keep secure.
If a data breach does occur…
If you are subject to a data breach, how you react is key. Ensure the incident it reported within 72 hours and be honest about how the breach occurred. This is important so that investigations can be properly performed. It is essential that your business learns from the breach, taking steps to minimise that event happening again. However serious the situation seems at the time, it is the recovery that is the essential part of navigating through the process.
The Shredding Alliance can assist you to become more data security conscious. If you would like help then call for a quote today.