When it comes to minimizing risk before, during and after a data breach, having a tested and proven incident response plan in place is key. During a recent AHA webinar, it was revealed that 44% of healthcare respondents did not have an incident response plan. But a good incident response plan is more than just data breach response; it is key in every aspect of prevention and implementation. Data breaches can be complex, and not responding properly can cost your organization money and reputational damage. One of the most interesting things pointed out in Doug & Jeremy’s piece is the need for proper forensics. Spending the time and money on digital forensics can pay for itself tenfold and save you time in the long run, a fact lost on many shortsighted organizations.
“Every organization and each data breach has unique risk factors based on industry, regulatory, customer, and technical circumstances. To reduce the likelihood of a data breach, you must understand your specific risks and address them before a breach occurs. You must also plan ahead to ensure an appropriate, rapid breach response to reduce your chances for regulatory actions and litigation.”
“We recently carried out a forensic investigation of an incident where it was initially thought that 50,000 records were exposed. However, the investigation revealed that the information for fewer than 10,000 people was actually compromised, saving the organization significant costs and the unaffected people needless worry.”
This article was originally printed in the Advisen newsletter, Cyber Liability Journal. You can read the full version here: Ten Tips to Minimize Your Risks Before, During, and After a Data Breach