When Your Defences are Breached, is Your Business Ready to Survive?

Posted on May 15, 2018

It’s a sunny morning and as you sit in traffic enjoying the sunshine on the way to work, you are thinking about your day ahead and the things you will do with it. Out of the blue, your IT department calls you to let you know the systems are down and it looks like you have been hacked.


Suddenly, you are not noticing the sun, the traffic has become a blur, and your mind races to try to figure out what you do next. How will you figure out what has happened to your systems? Do you have a secure backup to recover from? Who do you need to tell? What is the process now?


Do you take a deep breath, remind yourself that your business is prepared for this, and instruct the IT manager to follow the plan, contacting key managers to play their roles in clean-up and communication? Or do you sit and wish you knew what the next best step is in the absence of a plan?


If your business has over $3 million in turnover, you are now subject to mandatory reporting of any data breach in which personal information may have been accessed. If you are unsure of the nature of a breach and what data has been accessed, you have up to 30 days to determine the impact before reporting it.


On 16 March, ARN reported that there had been 30 breaches reported in just 3 weeks, and I am sure we can expect to hear about a lot more as data is being breached regularly. Often the organisation being breached does not even know it is happening.


What can you do to be ready for a data breach?

For starters, have your data backed up so that any corrupted machines can be wiped clean and restored.

Have control of your security systems so you can lock intruders out quickly.

You should also be ready to follow the four recommended steps as per the OAIC web page:

Step 1: Contain the data breach to prevent further compromise of personal information.

Step 2: Assess the data breach.

Step 3: Notify individuals and the Commissioner if necessary.

Step 4: Review the incident and consider actions to prevent future breaches.


Recently, we saw $17 billion in value wiped off Facebook when their breach notification hit the press. They are still trying to figure out how the breach happened due to the complexity of the mess and the scale of the leak. To say they are bleeding money over it is an understatement.


What is the likely fallout for your business from a reported breach? Do you have the right communications strategy ready to go, just in case? Sure, it won’t be $17 billion you drop, but what if you lost a few of your best clients over it – would you survive?


If this leaves you cold, ask Combo for advice and assistance to ensure you are ready for a data breach when it inevitably strikes.