Heightened awareness of the need for a robust data breach plan is driving business conversations around Australia. A detailed breach response plan decreases the likelihood of attack and substantially reduces the potential damage to revenue and reputation. With nearly nine out of 10 security breaches avoidable through planning, a data breach plan is a top priority in risk management.
Several high-profile privacy breaches in 2015 sent a timely reminder that data is exposed to a range of compromises. The cause could be a malicious attack, an accidental mistake, or employee incompetence. Confidential information can fall into the wrong hands during electronic file transfers, through access to lost or stolen devices, or because hackers have infiltrated a company’s servers. Even sending an unsecured email could qualify as a data breach, depending on the information it contained.
A breach response plan doesn’t have to start from scratch. It can leverage existing company information, such as a business impact analysis (BIA), to identify and protect critical areas and sensitive data.
While a cross-business plan can be daunting at first glance, a segmented approach removes this concern. A close look across the people, process and technology domains will highlight critical areas and enable targeted, progressive action.
Companies can reduce the risk of unintentional breaches with well-defined and measured processes to counteract human error. Every organisation’s security program is only as strong as its weakest link: users. Users are often the first line of defence against a potential breach, so their awareness needs constant refreshing and ongoing training. Technical capabilities such as encryption and data loss prevention (DLP) software further tighten the defences.
Data breach response plans sit alongside existing business continuity or incident handling plans. Commitment to rigorous, periodic testing of all these plans strengthens protection. With fewer than 20% of companies regularly testing their data breach plans, a commitment to keeping tests current delivers a business advantage.
Commonwealth legislation currently under consultation in Australia aims to make notification of serious data breaches mandatory. If it is ratified later in 2016, a data breach plan that identifies data breaches and incorporates a holistic communication plan will be vital.
Privacy and data protection will continue to be in the spotlight in 2016. Legislators and consumers will escalate their efforts to safeguard personal information. A heightened awareness of this issue by businesses will ensure that, in every boardroom, a data breach response plan will be top priority.