How to Survive a Data Breach

How to Survive a Data Breach: A Pocket Guide

Copyright Date: 2009
Published by: IT Governance Publishing
Pages: 45
    Book Description:

    Data breaches are becoming a fact of life. As companies retain more data on clients, and data collection becomes more centralised, the risk of multiple records going missing increases. If your organisation gets hit by a data breach, then the way you respond will have a huge impact on your ability to recover. For this reason, forward planning is essential. This handy pocket guide tells you what you need to do to prepare for a data breach. It explains the key measures you need to take to handle the situation and to minimise the damage. The information is drawn from various regulatory publications, and interviews with security experts, lawyers and software suppliers.

    eISBN: 978-1-905356-97-3
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 2-4)
    (pp. 5-5)

    Data breaches are, for most organisations, a crushing blow to their customers’ and staff’s confidence in them, to their reputation and brand value, and to the career prospects of senior executives.

    A data breach may be an even bigger calamity to the individuals whose data has been exposed to Internet criminals, to the press and, possibly, to malicious and ill-wishing acquaintances. Identity theft is a growing problem, and one which is inadequately policed. Individuals whose personal and/or financial data has been breached can find that their credit histories are compromised, and may have to spend years and substantial sums clearing...

    (pp. 6-6)
    (pp. 7-7)
  5. Table of Contents
    (pp. 8-8)
    (pp. 9-11)

    ‘The best laid plans of mice and men often go awry,’ and ‘Rules are made to be broken,’ are statements that have never been truer than in the electronic age. Barely a week goes by without some unfortunate data controller having to admit their company has fallen victim to a data breach.

    In the 12 months to September 2008, official figures show that, in the UK alone, the details of 29 million citizens were lost in data breaches, many of these in the infamous case in which HM Revenue and Customs lost 25 million consumer details in the post. And...

    (pp. 12-20)

    When data disaster strikes, speed is of the essence and, in theory, as soon as the breach is discovered the response team should dust off the pre-rehearsed action plan and put it into practice.

    Of course, we live in the real world where other priorities mean planning for future possibilities is often back-burnered by day-to-day business. In fact, most companies are so preoccupied that, according to Verizon’s 2008 Data Breach Investigation Report, three-quarters of breaches are not discovered by the victim company but by a third party, such as a supplier or banking card company.

    Card issuers may spot a...

    (pp. 21-29)

    Once the nature, size and seriousness of the breach are ascertained, the biggest decision (where applicable) is to decide whether to come clean over the breach, and how to go about notifying interested parties.

    Although disclosure laws are increasingly forcing organisations to make public their personal data failings, there remains a tendency to sweep the problem under the carpet.

    The image and monetary implications mean companies prefer to deal with the problem in house. According to a recent report from an RSA Conference survey, as many as nine out of ten incidents went unreported in 2007.

    ‘With 29% of respondents...

    (pp. 30-33)

    Data breaches come with huge costs in terms of fines, negative publicity, lost business and sweeteners to affected customers, so it’s no wonder that many are kept in house if at all possible.

    However, if a breach is serious enough to warrant reporting to the regulators, there is a strong chance that the ‘truth will out’ and, if the news is going to hit the media, it is vital that the game is played on your terms. Yet nowhere in breach crisis management is the lack of planning more acute than in the sphere of public relations control.

    ‘Too many...

    (pp. 34-40)

    If every cloud has a silver lining, then a data breach is the chance to put in place all the security checkpoints that should have stopped the leak in the first place.

    A breach might be an expensive embarrassment but, with good post-crisis assessment and action, further (potentially worse) security problems can be minimised.

    ‘It is of fundamental importance that lessons are learned from these breaches,’ says Richard Thomas (UK Information Commissioner).

    While the damage may already have been done, now is the best time to put in place systems to safeguard against the problem happening again, and also to...

    (pp. 41-42)
    (pp. 43-45)