
INCIDENT RESPONSE TIP: FIVE WAYS TO IMPROVE INFORMATION SECURITY AND REDUCE THE IMPACT OF A DATA BREACH

By M. Scott Koller – BakerHostetler

The new year will arrive in a few short days and when the bell tolls, it will mark the end of another extremely active year of data breaches. High-profile breaches such as Anthem, Ashley Madison, and the Office of Personnel Management serve as a reminder that it is a matter of when, not if, your organization experiences a data breach. Here are a few relatively simple ways to improve information security and reduce the impact of a potential data breach when that day comes.

Review Your Incident Response Plan

First and foremost, review your incident response plan. An incident response plan should be a flexible playbook that evolves over time and helps guide your response to a potential data breach. As 2015 comes to an end, take this opportunity to see if there are any ways in which your incident response plan can be improved. Does the plan provide enough detail? Are there procedures that should be changed or updated? Consider the impact of new business relationships or product lines, or whether systems were recently deployed or upgraded. Contact information for your incident response team, especially after hours, is a vital part of your response plan, yet personnel changes are frequently overlooked. The worst time to find out your CTO got a new cell phone number is when you are trying to reach him or her at 2 a.m. on a Saturday. Even if nothing has changed within your organization, new vulnerabilities are being discovered and laws are frequently amended. In the past year alone, 10 states have formalized amendments to their breach notification laws. For a detailed breakdown of these amendments, check out my prior article on the subject, “State Law Roundup: Legislatures Across the U.S. Revamp Data Breach Notification Laws,” and BakerHostetler’s state-by-state Survey of Data Breach Notification Laws. Bottom line, no matter how good your incident response plan was a year ago, there is likely something that should be updated or changed. Don’t wait until you are in the middle of a data breach crisis to review your incident response plan.

Conduct a Tabletop Exercise

There is a reason most buildings conduct yearly fire drills. Through practice and repetition, your response to an emergency can become second nature. Similarly, most data breaches are highly stressful events with serious ramifications for the organization. Tabletop exercises provide an excellent opportunity to practice your response in a low-stress, informal setting. Moreover, tabletop exercises can help identify gaps in your incident response plan and highlight ways in which you can become better prepared in the event of a data breach. Therefore, consider making a data breach tabletop exercise an annual event.

Review and Test Backup Procedures

A properly implemented backup procedure can help safeguard the availability and integrity of company data, as well as protect against the growing threat of ransomware viruses. According to a report by McAfee, reports of ransomware infections have grown exponentially over the past year. Even though backing up data is second nature to most IT professionals, many still forget the critical step of testing those backups to ensure the information was successfully backed up, is capable of being fully restored, and includes all critical data. Remember that some variants of ransomware will encrypt network shares, so it is important to segregate backup systems from your primary network.
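A restore test covering the three checks above (the backup succeeded, it restores in full, and it includes all critical data) can be scripted; the sketch below is an added example, not part of the original article. It uses a tar archive as a stand-in for whatever backup tool is in place and assumes the source has not changed since the backup ran; the function names, file paths and sample data are hypothetical and constructed for illustration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def verify_restore(source, archive, critical):
    """Restore archive into a scratch directory and compare it with source.
    Returns three lists of relative paths; all empty means the test passed."""
    expected = manifest(source)
    # Use the "data" extraction filter where this Python version provides it.
    opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive) as tar:
            tar.extractall(scratch, **opts)
        restored = manifest(scratch)
    return {
        "missing": sorted(set(expected) - set(restored)),
        "corrupt": sorted(k for k in expected
                          if k in restored and expected[k] != restored[k]),
        "critical_not_backed_up": sorted(set(critical) - set(restored)),
    }

def demo():
    """Constructed data: a backup job whose exclude rule silently skips hr/."""
    files = {"db/customers.csv": "id,name\n1,Ann\n",
             "hr/payroll.csv": "id,salary\n1,50000\n",
             "www/index.html": "<h1>intranet</h1>\n"}
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        for rel, text in files.items():
            (src / rel).parent.mkdir(parents=True, exist_ok=True)
            (src / rel).write_text(text)
        archive = Path(work, "nightly.tar.gz")
        with tarfile.open(archive, "w:gz") as tar:
            tar.add(src, arcname=".", filter=lambda m:
                    None if Path(m.name).parts[:1] == ("hr",) else m)
        return verify_restore(src, archive, ["db/customers.csv", "hr/payroll.csv"])

if __name__ == "__main__":
    print(demo())
```

The backup job in the demo completes without error, yet the restore test reports the payroll file as both missing and an unprotected critical asset, which is the gap an untested backup hides.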

Audit External Service Providers

As Target learned the hard way, external service providers represent an alternative way hackers can infiltrate your network. Consider auditing your service providers to ensure they are using appropriate safeguards. If possible, try to limit their access to only the data and systems needed to fulfill their function. Remote access should be provided “on demand” when needed but otherwise disabled when not in use. In addition, service provider agreements should be reviewed annually to ensure that the indemnification, limitation of liability, and cyber liability insurance provisions are appropriate. These provisions should reflect a balance between the amount of data at risk, the extent of the service provider’s access to that data, and the potential costs associated with a data breach. If a service provider has agreed to indemnify your organization for data breaches, make sure the vendor has the financial resources to do so, and if not, require cyber liability insurance provisions to cover any shortfall. Be mindful of limitation of liability provisions, which routinely limit liability to the amount of fees collected under the service agreement or within a certain period.

Perform a Risk Assessment

If you do not know what sensitive personal information and business data you have, where it resides, and who has access to it, you cannot implement appropriate safeguards to protect it. When facing a potential data breach, the inability to provide an accurate network diagram and describe the company’s sensitive data flow will complicate the forensic investigation. Risk assessments can help address these issues and should be performed on a regular basis to account for new vulnerabilities, changes to the organization’s structure or business operations, and the ability of existing security controls to detect and defend against likely cyberattacks.

Conclusion

No amount of advance preparation can entirely prevent a data breach from occurring. However, it is possible to reduce the frequency and severity of incidents by following the steps discussed here.
