No company, big or small, is immune to a data breach. Many small employers falsely believe they can elude the attention of a hacker, yet studies have shown the opposite is true - a growing number of businesses with fewer than 100 employees are reporting data breaches every year.
Data breach response policies are essential for organizations of any size. A response policy should outline how your company will respond in the event of a data breach, and lay out an action plan for investigating potential breaches and mitigating damages.
What is a Data Breach?
A data breach is an incident where Personal Identifying Information (PII) is accessed and/or stolen by an unauthorized individual. This includes:
- Social Security Numbers
- Credit Card Information
- Tax Identification Numbers
- Payroll Information
- Medical Information
What are Your Internal Responsibilities Upon Learning of a Breach?
Breaches or suspected breaches must be investigated immediately. Since all PII is of a highly confidential nature, only personnel necessary for the data breach investigation should be informed of the breach. The following information should be reported to appropriate management personnel:
- When (date & time) did the breach happen?
- How did the breach happen?
- What types of PII were compromised?
- How many customers/employees were affected?
Once basic information about the breach has been established, management should make a record of the event and the people involved, as well as any discoveries made over the course of the investigation, to determine whether or not a breach has occurred.
Once a breach has been verified and contained, perform a risk assessment that rates the:
- Sensitivity of the PII (customer contact information alone may present much less threat than financial information)
- Amount of PII lost and number of individuals affected
- Likelihood that PII is usable or may cause harm
- Likelihood that PII was intentionally targeted
- Strength and effectiveness of security technologies protecting PII
- Ability of the company to mitigate the risk of the harm
Data breaches can have immediate and long-term negative effects on your company. Cyber Liability Coverage can help you if you experience a breach.
Contact Carriage Trade Insurance to learn more about the best Cyber Liability Coverage for your company.