Planning for Business Emergencies: Data Breaches Explained

Businesses face a number of potential emergencies that threaten their bottom line or even their survival. One of the most devastating risks a company must deal with comes from the realm of cybersecurity, particularly data breaches. A data breach can happen to any business, government agency, educational institution, or other entity and may result in a multitude of negative and long-lasting consequences for the affected organization as well as their clients or customers. Larger entities are more popular targets, but any organization can become a victim. For this reason, everyone who handles sensitive data must learn and enact strong cybersecurity practices at all times to avoid a potentially costly breach.

A data breach is legally defined as either some form of unauthorized access to personal information or the exposure of such information to the public. This can include the personal information of employees, clients, customers, or other people. Such information includes but is not limited to home addresses, Social Security numbers, or financial account passwords. The definition of a data breach may also include a company's financial records, intellectual property such as unreleased movies or product blueprints, or other important information that is meant to be kept secret. This data has significant value, and its theft is illegal under a variety of state and federal laws. Data breaches are quite often the result of cyber-criminals forcibly intruding on a company's computers or network; however, they may also be accidental in nature, stemming from an employee's error or a mistake by a third-party organization. Many studies have shown that accidental data breaches are about as common as breaches caused by hostile attacks. According to MarketWatch and the Identity Theft Resource Center, the number of known and recorded data breaches is increasing, from less than 200 in 2005 to more than 1,300 in 2017.

There are many serious reasons why a company would want to prevent a data breach. For one, there is the sometimes irreparable damage that an organization's reputation may suffer when news gets out that clients' personal information has fallen prey to public exposure or theft. This becomes even more certain in states where the law requires organizations to disclose data breaches and inform their clients or customers. There is also the possibility of legal liabilities, including civil judgments or fines that an entity may face as a result of a data breach. Companies may also be required to compensate their customers for financial harm or inconveniences caused by such an incident. Customers or clients whose information is involved in a data breach run the risk of falling victim to identity theft, public embarrassment, or even stalking.

While preventing a data breach is extremely difficult, there are ways in which a business can reduce the odds of employee error or third-party negligence and make things prohibitively difficult for cybercriminals. These steps include training employees on tactics and strategies related to cybersecurity as well as physical security. There should be a security department that monitors computer networks and logs, watches for intrusion attempts, and ensures that all systems are updated with the latest security patches. Organizations should enact strong password policies and limit employee access to only the physical and network-based assets that are necessary to complete their job. There should also be a regular policy and schedule for backing up data that is important to the company, securely deleting data that is no longer necessary, and coping with a disaster in case something goes wrong.

Please see the following links for more information about how to reduce the risk of a data breach:

You are well on your way toward protecting your staff and organization.

Take the next step toward protecting your organization by learning more about emergency notification systems and the vital role they play in your emergency preparedness plan.