2015 New Year’s Resolution: Prepare for a Data Breach

Posted by Justin Cohen

2014 was a remarkable year in the field of cybersecurity. The hack of Sony is still making headlines as North Korea’s role becomes more evident. However, Sony didn’t even make the top 10 list of 2014’s largest data breaches according to the data collected at Silk.co (although it’s surely #1 in terms of news and gossip). An unprecedented number of records were accessed by hackers in 2014. Companies in the top 10 had roughly 290 million records accessed by hackers. 2014 also showed that cyber criminals are becoming more organized and more sophisticated every year. Experts predict that most companies will experience a data breach at some point—it’s just a matter of when.

Start 2015 by adding cybersecurity to the top of your company’s list of New Year’s resolutions. While many are (and should stay) focused on securing your company’s data, here are five things you can do to prepare for a data breach:

1. Make a plan. A detailed data breach incident response plan will save a tremendous amount of time and money in that critical time period after a breach. According to the recent Ponemon study, the average cost for each lost or stolen record in the U.S. was $195 for companies without a plan. If a company had a formal incident response plan before a data breach occurred, that average cost could be reduced by as much as $17 per record. Your plan must be tailored for your company based on your industry, legal compliance issues, the types of data you store, and potential public relations issues.

2. Identify an incident response team. Include key individuals inside and outside of your organization with clear areas of responsibility. For example, the same Ponemon study also found that having a Chief Information Security Officer leading the data breach incident response team could reduce the cost by $10 per lost or stolen record.

3. Engage outside experts before a breach occurs. That includes technical security specialists, public relations firms, lawyers, and even law enforcement. There’s nothing worse than trying to form a new relationship after a breach.

4. Test your plan through practice. A company’s cybersecurity plan should be more than a policy that sits on a shelf—it should be a part of the company culture.

5. Participate in industry groups and discussions. It’s us against them, and we are all on the same side in this continuing struggle to protect our data.