Data breach: How to prepare
While personal information and likely sensitive data have become a common asset of nearly any business, data security is not that hot a topic on the IT roadmap. Even global players in e-commerce have failed in the past to secure their data against third-party access.
Several jurisdictions have specific regulations dealing with the prevention of, and the proceedings following, a loss of such data, commonly referred to as a data breach. In addition, contractual obligations concerning non-disclosure and data security measures are more and more becoming boilerplate in tech contracts.
That said, a data breach is not only a communication challenge with your customers and contractors, but also a legal risk that jeopardizes your firm's compliance and can trigger fines. As a consequence, companies should take appropriate measures to be prepared for a data breach and to minimize the negative impact on their business. In a follow-up post I will describe what to do if a data breach has happened.
An appropriate compliance framework requires three different work streams. Consider the following items:
1. The obvious one: Technical and organizational measures
Ensure that your staff is well trained and has an appropriate head count. Are your systems up to date? Consider cloud services with major providers if you can't afford a state-of-the-art insourced solution. Every day the bad guys get more familiar with your security measures. Keep your standards high and stress your systems to ensure they have not been compromised. Audits can be performed by your staff or by specialized service providers. Appoint a person responsible for the security of your IT environment ...