Let's say that you or one of your employees realizes that a flash drive is missing containing customer information. Or the phone rings and the caller informs you that a box of your files was found in a dumpster. Perhaps a few of your customers contact you stating that they did not make several expensive purchases that were made in their names with your organization. What is your plan of action?
These unfortunate scenarios are literally happening to business owners, executives, and employees everyday. Once you become aware that personal, financial, medical, or business information has been exposed the way you respond may save or sabotage your organization.
In addition to notification requirements in 44 states, your initial concerns are investigating and securing the source of the loss, public relations, legal considerations, and appropriate resources for potential victims of identity theft. If your organization comes under investigation, then your practices, security measures, and policies will come into question. Depending upon how well your organization can defend its actions, there may be legal settlements, government intervention, fines, penalties, and even jail time.
The most cost effective way to manage an information breach is long before the breach even takes place. Your best offense is a good defense. There are preventative and response considerations that every organization MUST have in place based upon the scope of their business.
“A defensible position for breach response must be derived from reasonable assessment, training, and implementation of your Identity Theft Prevention Program.”
A Medium to Large Organization A Small Business
