One thing to understand about the world of Information Security (IS) is that there's no such thing as a perfect defense. It's important to secure your computer and network assets as much as possible, but it's not uncommon for ego and incorrect assumptions to demand the best protection without a plan for when that protection fails--after all, what's the point of a backup plan if you've paid for the "perfect defense"? To avoid being proven wrong in costly ways and to make sure that you're able to respond to a breach as soon as possible, keep a few recovery plan points in mind.
Know Who To Warn
Much information theft results in financial damage, but not all damage is financial. Now that identity theft has become a common danger, there are many services that can fix the problem if you speak up about the issue as soon as possible. Whether it's your personal information, trade secrets or client information, you need to have a system in place to warn the necessary people.
Identity theft occurs when thieves are able to get personal information that can help them pose as other people. Although it's not impossible for a creative, highly charismatic thief to steal sensitive information with pure charm and social engineering, a thief often needs information such as addresses, credit card numbers, social security numbers or other information used by most services to identify a person.
If this information is stolen, the compromised persons need to be identified and warned as soon as possible. It's not extremely difficult for a person to check their own credit report and bring attention to their own fraud case, but what if that person's credit is tarnished in the middle of an emergency loan request? The issue could be fixed in time, but the situations for all victims are different. For their safety and your reputation, you need to be able to warn them early.
If you know exactly which accounts were compromised, you can warn those specific clients and help them along the security process sooner. If you have a large, single database that already has all of this information in one area, thieves have an easier time stealing the information they need. It's time to divide and conquer.
Divide Assets For Safety
No matter how well you divide your information, you should warn all clients who could have been potentially affected. That said, if you're sure that only a select number of accounts or information have been compromised, use your resources on those clients first. This can be done with proper division.
Dividing the information into areas that must be uniquely stolen can slow down a thief and make it easier to know what was accessed. Databases often contain massive amounts of information that must link with each other, such as customer service systems needing to briefly bring a name, address and credit card number together on one screen.
You could also make sure that the files are not only held on systems that a limited number of people can access, but also fragmented across multiple systems. Don't just use a single computer or server for all secure information; break the information into sections, such as alphabetical blocks, date of creation or some other scheme that lets you track the order without giving easy access.
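As an added illustration (not part of the original post), here is how alphabetical division can turn "which system was accessed" into "which clients to warn first". The block boundaries, field names and client records are constructed assumptions.

```python
from collections import defaultdict

# Alphabetical blocks, each meant to live on a separate system.
# These boundaries are an assumption chosen for the example.
BLOCKS = [("A", "F"), ("G", "L"), ("M", "R"), ("S", "Z")]


def shard_for(last_name):
    """Return the index of the alphabetical block that holds this client."""
    first = last_name.strip()[:1].upper()
    for index, (low, high) in enumerate(BLOCKS):
        if low <= first <= high:
            return index
    # Names that are empty or do not start with A-Z go to a catch-all block,
    # so no record is silently left out of every notification list.
    return len(BLOCKS)


def build_shards(clients):
    """Group client records by the block (system) that stores them."""
    shards = defaultdict(list)
    for client in clients:
        shards[shard_for(client["last_name"])].append(client)
    return shards


def notification_plan(shards, breached):
    """Split contacts into those to warn first and those to warn afterwards."""
    warn_first, warn_later = [], []
    for index, members in sorted(shards.items()):
        target = warn_first if index in breached else warn_later
        target.extend(member["email"] for member in members)
    return warn_first, warn_later


# Constructed sample records; example.com addresses are placeholders.
CLIENTS = [
    {"last_name": "Alvarez", "email": "alvarez@example.com"},
    {"last_name": "Huang", "email": "huang@example.com"},
    {"last_name": "Okafor", "email": "okafor@example.com"},
    {"last_name": "Smith", "email": "smith@example.com"},
    {"last_name": "Ångström", "email": "angstrom@example.com"},
]

if __name__ == "__main__":
    # Suppose access logs show that only the G-L system (block 1) was reached.
    first, later = notification_plan(build_shards(CLIENTS), breached={1})
    print("Warn first:", first)
    print("Warn afterwards:", later)
```

Everyone still ends up on one of the two lists, which matches the advice above to warn all potentially affected clients while spending resources on the known-compromised block first.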
Contact a data breach response plan professional (such as one from Prilock) to discuss what you can do with your specific system to ensure a timely, helpful response after an information compromise.