Data breach response requires proactive steps, training

In a recent study by New York-based Towers Watson & Co., most companies indicated that they had not performed comprehensive information security risk assessments or network penetration tests.

Experts say many companies in the middle market put themselves at greater risk by waiting until a data breach occurs to draft and implement data protection and breach response policies. Some proactive low-cost steps that mid-market firms can take to reduce their exposures are:

• Developing and rehearsing a documented crisis response plan. Be sure to include all key internal players, such as risk management, legal counsel, information technology, auditors and accountants, as well as external emergency contacts such as law enforcement, providers and other business partners, public relations consultants and forensic investigators.

• Demonstrating senior-level support for the plan's development and regular testing.

• Training all employees and third-party providers on proper data management, including equipment transport, smartphone and mobile device use, password and encryption updates, and point-of-transfer exposures. Consider including adherence to data management policies in employee performance reviews.

• Insisting that business partners conduct “stress tests” of their own data breach response plans to gauge business continuity protections.

• Maintaining an up-to-date contact list for breach notification recipients.

• Monitoring data aggregation and storage, and eliminating unnecessary or redundant files.

• Ensuring open communication between risk management, IT and senior-level management teams. Consider cross-training the departments to enhance their understanding of unfamiliar terminology and goals.