The ins and outs of risk managing a breach
- 12 June, 2017 05:37
It’s not surprising that data breaches are slowly making their way up the list of business executives’ biggest fears. Even for a small organisation, having to announce to your client base that their data has been leaked is a nightmare. Although it’s scary, one positive outcome is that businesses are becoming more aware of the risks involved with a breach. So with risk management on the rise, what do you really need to know?
Preventative risk management
Preventative actions are just as important as reactive actions, if not more so. It’s vital for businesses to implement strategies that deter cyber attacks as much as possible, and doing so is potentially even more effective than trying to backtrack once the damage has been done.
Although as a solution on its own this might sound vague, a recent study found that over 70% of executives reported that their businesses didn’t fully understand the consequences of a data breach. That’s an enormous number of organisations that could potentially face legal action because they had no active measures in place to prevent a breach.
There are a few measures you can take within your organisation to ensure your team is educated and understands the risks. A big point is to make sure that solutions are discussed from the top down. The board of directors should discuss the risks and implement or approve incident response plans. Executives should participate as much as possible within their knowledge and jurisdiction to establish clear cross-team communication channels before a breach takes place. That way, if something does happen, reactions will be solid and unified.
The second preventative measure lies within D&T and involves any technological protective measures that you can implement without damaging or slowing down your website or processes. Implement fraud prevention: any technology capable of providing device intelligence, risk assessments, a layered authentication strategy, traditional personally identifiable information (PII) validation and verification, and any other contextual information management you may require.
Reactive risk management
This occurs after the breach has taken place. Communication is especially important from this point onwards. Whether addressing internal stakeholders to inform them of a breach or alerting external clients, it’s vital that you are sensitive about the situation.
If your customer base has been affected by the breach, the initial reaction will likely be one of mistrust. It’s important that whoever communicates the issue to them displays empathy and is apologetic. The business should provide a potential solution or offer some form of rectification or potentially even reimbursement where possible.
This is where business insurance comes in. Although it is a preventative measure, its benefits are typically reaped after the event. Risk management can be expensive, but most cyber liability insurance policies will provide cover for the costs involved in alerting clientele. In fact, most cyber liability insurers will help you to work out your strategy and ensure that you have adequate protection in place to secure your digital systems after the event.
If you’re unlucky enough to find yourself in the middle of a cyber breach, the most important thing to do is to take a step back, breathe, and handle the situation in a calm and professional manner.