Arkadin

Arkadin is now operating as the Cloud Communications division of NTT Ltd. Together we do great things

“What do you mean, compromised?” Dealing with a data breach

Adobe, Kickstarter, Target… the list of huge companies whose customer details and other sensitive data have been leaked to the world seems to grow every week. And if it can happen to them, it can happen to you. So what do you do if one day you find out it’s YOUR company that has become the hackers’ latest target? Here we offer our step-by-step guide to coping with a data breach crisis:

1. Prevention is better than cure

Of course, the best way to deal with a data breach is to stop it happening in the first place, and there are several things you can do to tighten up your security. The key principle here is minimizing your risk of exposure: establish robust data protection protocols and train your people how to follow them. Limit access to important systems and sensitive databases, and use secure communications and two-factor authentication as a matter of course.

Financial data should be kept on a separate computer, and BYOD devices should be secured by your IT team before they are allowed access to your network.

2. Keep on top of network security

There are a few simple steps you can follow to ensure your network stays resilient against common attacks. First of all, ensure you install software and operating system updates on all devices in a timely fashion – including those brought in by your employees.

Hire a reputable company to perform periodic penetration testing on your network, which will help identify and secure any weak spots – and ensure unauthorized users don’t find them first. Set up automatic alerts if there is any unauthorized or unusual activity on your network – so someone empowered and able to fix problems is made aware if anything happens.

Designate a compliance officer who takes responsibility for making sure employees follow your data protection policies – and remember to treat all vendors in the same way: ensure they are vetted, and require them to test their networks to the same degree as you do.

3. Don’t Panic!

If, despite your best efforts, an emergency does arise, it’s best to be prepared. Establish a process in advance so when the worst does happen, everyone knows what to do. Establish a single point of contact to deal with stakeholders and keep everyone updated. Draft a communications plan including drafts of statements so you can stay in control of information flow. And, most importantly, start managing the situation immediately, even if you don’t have perfect information. Every minute counts if you are to keep your customers’ trust.

It’s an old saying in business that it isn’t the mistakes you make that matter; it’s how you deal with them. It’s vital that you give customers a remedy for the problem you’ve presented them with: establish a call center that can help if sensitive information has been compromised. For key customers, it pays to talk face to face. Hosted conferences are a good way to get this level of contact at very short notice, so you can announce the problem properly and establish action plans. Most importantly, hold regular drills so everyone in your company knows what to do.

Of course, no policy or safeguard can ever be 100% foolproof. But by taking these simple steps, your business will be more resilient, more robust – and more ready to regain the trust of your customers if the worst does happen.

About the author

Moise Zapater is Arkadin’s Architecture Practice Manager, leading a team of nine architects in charge of designing the company’s collaboration software development as well as the infrastructure and network on which they are deployed. He is also responsible for pushing standards in the implementation and rollout of supporting projects, and assisting in the production operation of troubleshooting serious technical issues. Having spent the past 12 years in conferencing – seven of them at Arkadin – Moise has worked in software development, architecture and product management. Outside of conferencing services, Moise is keen on rugby and guitar, and dabbles in drawing, painting and sculpture.