No company, large or small, is immune to a data breach. A data breach is any incident where personal identifiable information (PII) is stolen by an unauthorized individual.
Examples of PII include, but are not limited to, credit card information, biometric records, payroll information, medical records and addresses. When a data breach occurs, it’s important for organizations to act quickly in order to limit the damage.
When responding to a breach, consider doing the following:
- Conduct a preliminarily assessment. When a data breach occurs, organizations must take steps to prevent the issue from getting worse and assess the situation. It’s critical to make note of when the breach occurred, how it was carried out and how many customers were affected. This information is vital when it comes time to communicate the incident.
- Evaluate the risks associated with the breach. After the breach has been verified and contained, organizations should perform a more detailed risk assessment. This assessment should examine the type of PII that was lost, how specific types of PII were targeted, and the strength and effectiveness of your security technologies.
- Notify your customers and the public. Prompt notification allows your customers to take the necessary steps to protect themselves from identity theft. When notifying customers, keep in mind your company’s legal and contractual obligations, how likely your customers are at risk of identity theft or fraud, and any reputational damage the data breach may cause.