“The best strategy to manage the inevitable data breach of your enterprise is to be prepared.” -Adam Greenberg, SC Magazine
Exactly–you must prepare on 2 fronts: Defense & Response
In a recent article in SC Magazine, Adam Greenberg marches along faithfully with many of us in trying to get you, the business leader, to appreciate the severe risk that data breaches pose to your business. He starts by repeating the old data breach proverb, “It is not a matter of if, but when,” which readers of this site have heard many times before.
It is now a given that every enterprise either already has been, or will be, the victim of a data breach. It’s just life in the digital age, get used to it.
More importantly, prepare for it. A data breach can be either (1) a catastrophic event that threatens the very existence of your enterprise, or (2) just another adversity that your enterprise faces, manages, and learns from along its journey to success.
The choice is yours and is determined by whether you stick your head in the sand and ignore the risk or prepare for it. The first step you must take is to decide that you will not ignore this threat and that you will prepare for it. This is the most difficult step for many business leaders but, once we get past it, we start making progress.
Preparing for a data breach requires preparing a defensive strategy and a responsive strategy.
Preparing to Defend
“Offense sells tickets; Defense wins championships” -Coach Paul “Bear” Bryant Jr.
When we talk about preparing for a data breach, some people jump the gun and start thinking about how they will respond. This loses sight of the primary objective–your duty–PROTECTING THE DATA which, necessarily, requires defending your system.
The top priority for your enterprise is to take steps to assess and strengthen its cyber security posture. Then, the deficiencies that are identified must be corrected (there are always deficiencies). And don’t forget to document the steps that are taken (here is why).
Preparing to Respond
After you have prepared your defensive strategy, the next step is to prepare for responding to the inevitable data breach. Every enterprise needs a data breach response strategy that is documented in a written breach response plan (here is why).
The breach response plan needs to be comprehensive, readily accessible in an emergency, and everyone needs to be trained on their roles in the plan. You can read more about breach response plans here.
Fortunately, this process is not as intimidating as it may sound. The most difficult part is that you must decide that you will make sure your enterprise is prepared for this risk. After you make that decision, a qualified adviser who has helped other enterprises prepare for these situations can guide you through the process.
Learn more about the author’s unique CyberGard–Cyber Risk Protection Program.
Source of original article: Plan ahead: Prepare for the inevitable data breach – SC Magazine.