Preparing for a data breach incident
1. Make a disaster recovery plan that details very specific steps for what to do and what each employee’s exact responsibilities are if a data breach occurs. From an IT perspective, ascertain what type of breach it is (virus related, private data accessed or other malicious activity) and develop very concise steps to take to address each type of instance. Have multiple data restoration options available and test them regularly for reliability. Build contact lists of vendors and key response personnel and create a business continuity plan in the event that your IT systems are rendered unusable. Your IT group should also document baseline configurations so as to use them for comparison purposes.

2. Test and work the plan on a regular basis in an effort to better train your key personnel and to keep your disaster recovery plan updated with your ever-changing office environment. Incident preparedness training ensures that all company personnel are ready to handle data breaches before they occur. Training should include employee awareness for all of the overall security plan and the related response measures so that they help rather than hinder the recovery process.

3. Commit the proper amount of resources to prevent an attack. And this means committing monetary resources on an annual basis to proactively address security issues. It is much less costly to be proactive than to be reactive. The “It won’t happen to me” security approach is a recipe for disaster.

4. Consider data breach insurance which will help offset much of the cost of a data breach incident. These plans are not new and should become a staple item when reviewing annual insurance coverages.