What to do in case of a data breach
How to batten down the hatches after a data breach - is it possible to prevent further damage to your firm's reputation?
In this fast-changing world of technology, data breaches are the headline-grabbing equivalent of glamour girl and new singleton Katie Price.
But while Jordan might be a permanent fixture in the red tops - whether for falling out of a taxi, or a dress - she may not be aware that she is fighting for attention against some much less glamorous competition: in this case, the loss of personal data, whether through negligence or criminal activity.
Large enterprises, institutions, and organisations rarely lurch around in high heels at the back of nightclubs, but they do suffer their own kinds of public disgrace. In fact, when it comes to creating red faces, data breaches are the equivalent of home-alone teenagers hosting Facebook parties: damaging, embarrassing, and with far-reaching knock-on effects.
An out-of-control party may only incur the wrath of neighbours and make holidaying mums and dads think twice about leaving teenagers home alone for a fortnight, but a data breach can leave a firm wide open to shame, criticism, public scrutiny, and reputation damage.
This is the equivalent of discovering that your lazy stupid teenage son has destroyed your house and then being dragged on to the Jeremy Kyle show to discuss why it's all your fault.
Bad reputation
Firms that are exposed for their data management weaknesses will find their reputation damaged and will face anger and confusion amongst their customers, employees and partners.
A study by the independent research organisation the Ponemon Institute found that almost two-thirds of all consumers had been victims of a data breach, while roughly the same proportion had both modified and scaled back their online activities following such an incident.
How a firm reacts in the public eye is as important as the activities that it undertakes behind closed doors. It is simply not enough to hold your hands up to the issue; firms have to explain what happened, what it means, and what affected parties should do about it.
Losses are often not discovered until they have caused a problem, which underlines the fact that all firms should be prepared for what is becoming a very common threat.
Of course, organisations should do all that they can to mitigate the internal threat, and in a budget-constrained environment staff training is the most obvious place to start.
Jay Heiser of the analyst firm Gartner said that firms should be prepared for data losses and should couple well-trained staff with sophisticated security and data control systems. "In short, staff does need to be better prepared to not take actions that will lead to potential data leaks," he said.
"The longer answer is that while most organizations have not yet reached the optimum levels of employee awareness, willingness, and ability, there is a limit to what is humanly possible," he added. "The most effective levels of control require a combination of human attention and security automation."