What are the impacts of security breaches? How will they affect your business? 

Understanding the threats to your data and how you can prevent breaches is only one piece of the information security puzzle. While no business wants to be the victim of a data breach, not having a plan in place to deal with a breach is a grave mistake. It’s the old adage hope for the best, prepare for the worst, and preparing for the worst, when it comes to information security is key. Have you ever taken the time to step back and look at the trickle down effect a data breach at your company could have? How far would it reach? How long would it take to clean it up? How much does it cost to clean up? How long would an investigation take? How would you restore the security of your information? How would you help those whose information was compromised on your watch? How would you begin to rebuild your client base? Or even your reputation? Tough questions, but they are all implications of a breach on information security.

Arv Malhotra, professor of strategy and entrepreneurship at University of North Carolina, says:

“Companies must establish a post-breach protocol of how they will inform, placate and compensate their customers. A good service-failure recovery has been shown to have the potential to generate goodwill. Customers can forgive and continue their relationship with a company if the data breach is addressed appropriately. And as is true in cases of other types of service failures, strong service recoveries even have the potential to create positive word-of-mouth exposure for companies.” [Arv Malhotra – Risky business: The impact of data breaches]

He’s right, with more than your reputation on the line, it’s important for businesses to take “post-breach protocol” seriously. It’s not just about how you prepare for or fight to prevent a breach, but how you will respond to it if it happens to you. Customers expect their information to be safe and protected, whether they are digital assets, paper files, medical records, financial transaction information, and beyond. In our last post we touched on why it’s important to have a protocol for paper documents, but now we want to touch on why it’s important to have a process in place in the event of a breach.

It’s not just about saving face, having a process can help save valuable time, money and resources on the backend –
“Having a proactive approach to handling security, a data classification program and policy, and a solid response and clean-up plan are significant positive steps organizations can take to reduce the costs and effects of a breach,” says SANS Analyst Barb Filkins [2] So what are you waiting for? Get to planning! Check out a few resources we found on how to get started with developing a data breach response protocol.

• 2015-2016 Data Breach Response Guide – Experian
  Tips on how to develop a response team, a plan, and putting a process in place to bounce back from a data breach, from the experts at Experian.
• Data Breach Response Check List – Privacy Technical Assistance Center
  Not sure where to start? Check out this checklist of items to ensure your data breach response plan tics all the boxes.

Sources:
1. Risky Business: The Impact of Data Breaches, Arv Malhorta & Claudia Malhorta (blog.kenan-flagler.unc.edu/risky-business-the-impact-of-data-breaches/)
2. Post-Breach Impact: Learn the Positive and Negative Factors That Influence Breach Costs, Nov.12, 2015, PR Newswire (http://www.prnewswire.com/news-releases/post-breach-impact-learn-the-positive-and-negative-factors-that-influence-breach-costs-300177668.html)