Ready for a data breach? How to develop your response plan

IT Best Practices Alert By Linda Musthaler, Network World
October 25, 2012 04:29 PM ET

It seems that not a day goes by when we don't read about a data breach of some sort. It could be a headline-grabbing whopper like the recent Barnes & Noble situation involving 63 store branches, or a smaller but still problematic incident like a stolen laptop with sensitive information on it.

The Identity Theft Resource Center (ITRC) has reported 347 breaches for this year as of Oct. 23. The number of potentially exposed records, as best as could be determined, exceeds 10 million. In 2011, the Privacy Rights Clearinghouse recorded 558 incidents, and the Open Security Foundation reported 126.7 million records impacted. And these are just the known breaches that have been reported; the number of undiscovered incidents could overshadow these statistics.

A quick review of the cases reported to the ITRC this year (see the 2012 ITRC Breach Report) shows most breaches are attributed to one of the following causes:

• A lost or stolen portable device such as a laptop, smartphone or USB drive

• Unauthorized access, including hacking or insider access, to computer systems or point-of-sale systems

• Malware on computers that contain sensitive information

• Accidental exposure of records by a worker (for example, publicly posting a database containing Social Security numbers)

• Reckless disposal of printed materials containing sensitive information (such as recycling paper documents instead of shredding them)

The 2012 ITRC Breach Stats Report shows that breaches affect every industry, and organizations ranging from the largest corporations and government agencies down to small local businesses. This means that every business -- yours included -- is at high risk for a data breach. All it takes is one lost laptop or a careless worker.

With this in mind, the Online Trust Alliance (OTA) has published a very thorough document called the Online Trust Alliance 2012 Data Protection & Breach Readiness Guide.

According to the OTA: "A data breach can have devastating consequences to a business, damaging its brand and causing it to lose customers. The purpose of this guide is to provide guidelines that help businesses to proactively develop a plan to minimize data collection, enhance data protection and create a customer-centric incident response plan. By planning in advance, businesses of all sizes can minimize their risks, costs and the impact of a breach to their customers and the reputation of their company and brand."

It's a helpful guide, regardless of the size of your organization or the regulations under which you operate. This guide addresses three important areas:

• Data governance and loss prevention. Of course, it's far better to prevent a data breach than to deal with one after it has happened. The OTA document provides guidance on: classifying data to understand what is most important to protect; auditing and validating who has authorized access to confidential and sensitive information; how to preserve the state of your systems for detailed forensic investigation if you suspect a breach has occurred; the use of technology to prevent data loss; how to minimize the amount of data that you store and need to protect; and the proper way to destroy data that is no longer needed.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
