Feature
Ten Things to Help Mitigate the Consequences of a Data Breach
By MaryAnn Benzola, director of business development, Custom Computer Specialist
Before your facility becomes victimized by a data breach, you need to take steps
to shore up your network security to minimize your risks should such an event
occur. Evaluating risks and developing a game plan are not extravagant, but necessary.
Following these 10 steps can help mitigate the consequences of a data breach.
1. Complete an annual security risk assessment.
A consultant can help you determine where your assets are vulnerable, by
identifying threats (both internal and external) and isolating the potential
consequences if your network is compromised. The risk assessment will
determine where your security deficiencies are in your IT systems. Additionally,
a proper assessment will identify any applicable requirements from a legal
and regulatory perspective and illustrate any gaps that exist between these
requirements and your data security efforts.
2. Create an incident assessment plan.
Planning ahead can significantly reduce potential legal, reputational and
financial liabilities. You should have a practicable, repeatable process in place for
evaluating the:
• Circumstances of the breach;
• Characteristics of the unauthorized exposure;
• Kind of data disclosed;
• Relevant legal considerations;
• Potential damage to the concerned individuals.
Take reasonable precautions and put common safeguards in place BEFORE an
incident occurs. Utilize encryption for email and laptops. This protects data and
messages from anybody you don’t want to see them. Most email systems used
by large enterprises have encryption built in.
Utilize a National Security Agency-level wipe when disposing of computers, laptops
and copiers. Erasing a file does not remove its contents; they can still be recovered
with data recovery software. Data wiping overwrites all the data space, rendering the
data unreadable, even by God.
3. Establish a breach response team and routine.
In the event of a data breach your team should already be established, with
each member understanding their roles and obligations. Include both internal
stakeholders and external partners who can immediately dissect and analyze the
situation. As soon as your plan is approved, test it often to ensure flexibility as
your organization’s needs evolve.
4. Update policies and procedures to address advancing
technologies and changing regulations.
Organizations are increasingly tapping Wi-Fi resources for BYOD (Bring
Your Own Device). BYOD access to mail and calendar functions, as well as
enterprise resources, must be secure and reliable. Devising a security
Adviser a publication of LeadingAge New York | Fall 2016