By Robert Pizarro
In recent years, many of the biggest companies in the world have been victims of major data breaches. During that same time, thousands of small- and medium-sized businesses, including nonprofit organizations, have also had their data compromised. Whether your clients' organizations are large or small, it’s critical to make sure they are prepared for a data breach.
How to Prepare Your Clients for a Data Breach
Step 1 – Create a Breach Response Team
This cross-functional team should coordinate and implement a breach response plan for the entire organization and be the primary contact should a breach occur.
Step 2 – Assess Storable Data
It is critical that you know what information is being stored so an appropriate response can be launched. Here’s what’s critical to know:
- What type of data is being held about customers, employees and vendors?
- Where is that data stored?
- Which systems handle this data?
- Are security protocols and tools current?
- Which team members are responsible for each of those systems?
- Do any third parties handle the organization’s data?
Step 3 – Assess Existing Liabilities and Obligations
Once you know what sensitive information the data files contain, you can plan suitable action for the parties who must be notified in a timely manner. Who are you required to notify? How soon do they need to be notified?
Step 4 – Create a Contact List
Identify the organization’s stakeholders who need immediate notification in the event of a breach. That may include:
- Team members who need to be available to respond to unexpected needs
- Legal advisors to ensure all obligations are identified and included in the plan
- All key contributors and partners who need to be informed or advised of a breach
Step 5 – Create a Breach Response Plan
If a breach occurs and a plan is in place, a response should be automatic. The sooner affected parties are notified, the better the long-term outcome. The essential steps of a breach response plan are:
- Engage with a forensics expert to identify the data that has been compromised and take immediate steps to stop the breach and/or take the data offline.
- Contact legal advisors to ensure all necessary legal steps are prepared.
- Tailor a communication plan according to legal notification requirements.
- Follow the detailed communication plan to notify parties that may be affected by the breach (customers, employees, vendors, etc.).
Make Sure Your Clients are Covered
While it's important to do everything you can to prepare for and prevent a breach, your clients also need to be prepared in the event that a breach can't be prevented. With a Cyber Liability policy from AmTrust, your clients can be confident that their assets will be covered.
Robert Pizarro is Professional Lines Project Manager for AmTrust North America, a multi-national property and casualty insurer specializing in coverage for small businesses.
Editor’s Note: This blog was originally published on January 3, 2017 and has been updated and edited.