Everything That Needs to Be Done After a Data Breach


Falling victim to a data breach can be financially devastating for the affected organization, and the recovery can be confusing to navigate. For most organizations it is not a question of whether a data breach will occur but of when. Despite the sobering statistics on data breaches, many organizations remain unprepared for this very real possibility. When agents are discussing privacy & network security insurance with their clients, it is a good time to go over the steps that should be taken after a data breach occurs. Below are the guidelines set forth by the Federal Trade Commission (FTC) that cover everything that needs to be done after a breach.

Secure Operations

When a data breach is discovered, the first step should be to quickly secure operations and prevent additional data from being compromised. Cybercriminals often start with a small attack and then work up to a larger one to avoid being detected immediately, so an initial intrusion that looks minor should not be treated as contained. If an organization suspects that any data has been compromised, it should mobilize immediately. This may include taking affected equipment and operations offline for a period of time, hiring additional experts to investigate, and reaching out to legal counsel to determine whether the breach has caused the organization to break any laws.

It is important that the organization does not make rash decisions, such as shutting down computers or deleting programs or files, without first consulting security experts. Powering systems off or deleting files destroys evidence that investigators need to determine how the attackers got in and what they accessed, so these actions can actually worsen the problem. The best course of action is to disconnect affected computers and equipment from the network, but leave everything powered on and all files and programs in place.

Identify and Repair Vulnerabilities

Once the immediate problem has been contained, the next step is to determine how the attackers were able to gain access and to close that gap so the same intrusion cannot happen again. Forensic security experts can be hired to investigate the breach and to make repairs, reinforce defenses, and provide recommendations.

Notify the Appropriate Parties

A number of parties will need to be notified once the immediate problem has been addressed. These include the affected individuals, law enforcement, and any vendors or contractors that might be at risk. If the breach involved electronic health information, the organization must also notify the FTC, the Department of Health and Human Services (HHS), and possibly even the media.

Storing personally identifiable information about clients and employees exposes organizations to the risk of a data breach. Privacy & Network Security insurance is a must for small and large firms alike, both to protect themselves against the financial costs associated with this widespread exposure and to protect their employees and clients.

About PL Risk

In addition to bringing you the latest news from the insurance industry, PL Risk provides Resources for Agents and Brokers nationwide. We have recently implemented Hiscox Now, which gives agents their own access to Hiscox and instant quoting. To learn more about our operations, contact us today at (855) 403-5982.
