OTA advocates that all businesses create an incident
response plan and be prepared for the likelihood they will experience a
breach or data loss in the future. The fact is that breaches happen, and often at
the worst of times. Rather than be lulled into the belief that it will not
happen to your business, recognize that a well-designed plan is emerging as an essential
part of regulatory compliance, demonstrating that a firm or organization is
willing to take reasonable steps to protect data from abuse. Doing so is
good business. Developing a plan can help to minimize risk to consumers,
business partners and stockholders, while increasing brand protection and
the long-term viability of a business.
Few events can damage a company’s reputation and consumer
trust more than the loss, misuse or breach of personal and sensitive data.
In the past 5 years, it is estimated over 543 million records containing
sensitive personal information have been compromised due to breaches.
Such incidents not only harm a company’s brand, but typically increase
scrutiny and liability exposure, which risks impacting a business’s bottom line.
According to the 2010 Cost of Data Breach Report published by the Ponemon
Institute, data breach incidents cost U.S. companies $318 per compromised
customer record, with an average cost per incident of $7.2
million.
Directly related to data security breaches is the impact
on key operations, which may result from criminals changing passwords,
deleting key files and/or loss of physical property impacting business
continuity. Planning for incidents and physical disaster helps to identify
exposure from internal and external threats. Synthesizing your hard and
soft assets can help provide effective prevention, recovery and system
integrity. In addition to cyber-attacks, employee theft and accidents,
related incidents include fires, earthquakes and power outages, which are proving
to be critical scenario planning requirements.
Incident planning incorporates both data breaches and
disaster planning as a part of an organization’s learning effort that helps
reduce operational risks and improve information security and corporate
reputation risk management practices. Not unlike training first responders
for a physical incident, data managers and cyber responders must be trained,
equipped and empowered. Planning is the key to maintaining online trust and
the vitality of the Internet, while helping to ensure the continuity of
business.
Executive support for making data privacy part of the
business culture, and for building, testing, and maintaining a DIP, is
critical for ensuring that a business is prepared before a breach occurs.
It is also important for executives to acknowledge the need for businesses
to work to ensure that their customers have clear, conspicuous, and readable
notices which can be easily understood by the target audience of the product
or service. Additionally, consumers must have the ability to permanently
opt-out of all collection of their personal data and be provided notice on
the use and sharing of any such data after it has been collected.
OTA encourages all businesses, non-profits and government
organizations to make a renewed commitment to data protection and privacy.
Being prepared for a breach is good for your business, your brand and most
importantly your customers.