If you’re a regular reader of my blog posts, you know that it’s not a matter of if but when your company will fall victim to a data breach.
Our mission at US Cyber Vault is to partner with companies to keep them secure from the constant onslaught of cyberattacks pervading our world. The threats may change every day, but our commitment to you will remain the same: We will keep your company secure by watching your data like a hawk, allowing you to focus on running your business.
Part of any good security service, however, is ensuring you have the right communication systems in place should the inevitable happen. You need to quickly understand where the data breach occurred, which information was compromised, how quickly it was detected, and what you are doing to mitigate ex-filtration of your data (information getting into the wrong hands used for nefarious purposes).
This means cybersecurity is not just an IT problem or information security problem – it’s also a business problem that goes to the highest levels of your management team.
Show good partnership with your colleagues in the business and create a holistic action plan to mitigate the impact of any hacker that may penetrate your defenses.
First, draw clear lines with the sand and shatter misconceptions about cyberattacks. They are not:
- Merely an IT department problem
- Only limited to internet companies, banks, and nation states – in fact, IBM found that the healthcare industry was the number one target of hackers in 2016
- Reserved for large multinational companies – hackers do not discriminate
- Solved with simple anti-virus software
Now that you got those myths out of the way, it’s time to create a data breach response plan. A major tenet of this plan should revolve around communication – internally to your senior management and associates as well as externally to the media and your customers. Create a cross-functional team involving leaders from each line of business. Prepare standard media statements, social media responses, and spokespeople who can get ahead of any enterprising reporters. The key is ensuring your response plan can be activated at a moment’s notice and that roles and responsibilities are clear.
Other considerations include:
- Speed: We live in a 24/7 news cycle, so it’s important you are able to detect breaches the moment they happen and get ahead of public sources finding out your data has been breached before you do.
- Transparency: Particularly for your company’s customers, clients, and partners, they want to know what data has been taken and the impact it will have on them personally. Depending on the size and scope of the breach, you will need to share this information with the appropriate resources anyway, so having the ability to be completely transparent as to what was taken and how you’re dealing with it is a step in the right direction to repair any loss of trust.
- Consistency: Effective data breach response requires coordinated and consistent messaging. “Keeping your story straight” will also assuage any grumblings from the public that you are hiding anything.
- Cold, hard, quantitative data: Gut instinct is a poor substitute for research in determining the impact of a data breach response. Get the facts, share them publicly, and take action accordingly.
Healthcare companies throughout the country are facing an onslaught from hackers going after their treasure troves of protected health and personally identifiable information. Safeguarding data and proactively implementing systems to maintain healthcare brands’ reputation will be a top priority for many of us attending HIMSS in February, the largest healthcare IT show in America. There’s no doubt that cybersecurity presents communication complexities – however, with dedicated organizational focus it is possible to mitigate reputational damage.
The good news is you don’t have to wait for HIMSS to learn more – contact us today so we can show you how our managed security services for on-premises or cloud environments will extend your IT teams, unburden them, and secure your data.
US Cyber Vault is a leading sponsor of the Cyber Security Command Center at HIMSS 2017 in Orlando, FL - Feb 19-23 both in the Cybersecurity Command Center at Kiosk #376-13 and in our own flagship booth 487 right next to the Command Center.