It's getting difficult to run an offline company these days.
Whether you run a multinational corporation or a local donut shop, chances are you're going to wind up with some sensitive data running through your machines.
There's no sure way to guarantee that you can keep your data safe, so having a pre-breach plan is of the utmost importance.
You have an escape plan in the event of a fire and a backup plan in the event of an earthquake, so you should have a plan in place for a data breach as well.
Step One: Read The Privacy Act
Good news: Most of what you need to do is already outlined in the Privacy Act. This will help you to determine your responsibilities to your customers and shareholders in the event of a breach.
Step Two: Talk With Your Team
Part of running a business is relying on the insight and experience brought by the different members of your team. When it comes to developing a data breach pre-plan, that means your tech guys, your attorney and your insurance agent. Get in touch with them and get their input on developing your plan B.
Step Three: Make A Containment Plan
The first thing you're going to need to do in the event of a breach is contain it. Your IT team is going to be shouldering most of the burden here.
Step Four: Set Your Communication Plan
Actually containing and responding to a breach is largely a matter of technology and insurance. You're going to wind up spending a lot more time on communication than on containment, and you're going to want to consider these questions:
- How, and when, are you going to contact and manage individuals affected by the breach?
- Who is in charge of the communications plan?
- Which external stakeholders (the police, regulatory boards, etc.) are going to be contacted, and who is going to be making the calls?
- Who is going to talk to the press, when are you going to call them and what are you going to tell them?
Finally, a high-profile breach, even if it doesn't score the hackers a single dollar that isn't covered by business insurance, may cost the affected company in public trust. Knowing how you're going to manage that, and how you're going to earn that trust back, is key.