O – Overreacting is not going to get you through the event
P – Preparedness is key
A – Accept that it will happen to you
Q – Quit keeping old data
U – Understand the laws that impact your organization
E – Empathize with your customers/patients/employees – how are they going to react to your response?
In all seriousness; Q and A (no pun intended here) are both important and I wanted to point those two out. If you don’t need the data, as an organization you need to ask yourself, “what are we gaining by keeping this data?” The liability is attached to every piece of information you retain regardless if you use it or not. Having (and following) data retention policies will limit such a liability. Accepting that it is going to happen, now that’s a hard pill to swallow.;but similar to Emergency Preparedness techniques that many organizations routinely practice. As they say, practice makes perfect even if you never have to use those techniques. Organizations that routinely train for various circumstances are the ones best prepared to handle them. If you accept that a data breach is going to happen, you’ll find yourself equipping and (more importantly) training for how to respond. Whether you attach this to existing emergency practices or not is not as important as actually having a response. Many organizations have suffered both from a Public Relations perspective and financially (fines) by their seemingly lack of response. In the end, training staff how to deal with data breaches because you accept that it will happen will yield positive results from a negative situation. It’s amazing how people remember what to do during emergency situations; I still remember to get under my desk during an earthquake.
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
YouTube session cookie.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Analytics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
Discover why security operations teams choose NetSPI.