5 Keys for Data Breach Prevention
In 2015, the banking, credit and financial industries have reported more than 40 data breaches that exposed more than 400,000 records. The breached entities range in size from a 200-location independent mortgage company to global banks with high name recognition.
Data breaches don’t just happen to large banks. Community banks also fall prey to cyber-attacks and breaches. When a data breach occurs, it’s increasingly becoming a question of “when,” not “if,” are you prepared?
Five keys when preparing your data breach response:
1. Have a written data breach response plan that you update regularly.
Most banks have data breach reporting plans in place. But a written response plan is essential to outline activities during breach response. This plan needs to clearly outline:
- Who will be responsible for key actions and how the situation will be contained
- How you will communicate to customers, regulators and the media
Your plan cannot remain static. It needs to evolve as conditions change. You need to revisit, test and update it regularly, at least once a year, and more often if significant environmental changes occur.
2. Use a breach service for the right reasons.
These service providers can help you refine your data breach response plan, react quickly and effectively if a breach occurs and keep you from running afoul of data breach regulations. If personal identifying information is exposed in a breach, utilize a partner to monitor and stop new account inquiries. In addition, offer a resolution service. So if the consumer experiences an issue, they will have a dedicated, professional team to help them through the identity restoration process. Do not rely on credit bureau monitoring to catch misuse of existing credit and debit cards
3. Keep control of the customer relationship.
The reputational damages of a data breach can last longer and be more devastating than the monetary losses your bank might incur. Effective, personalized management of your relationship with consumers is the best tool for mitigating reputational damages and restoring customer confidence. This is too important to leave in the hands of an outside agency. Choose a data breach partner who will allow you to retain control of the customer relationship.
4. Offer identity theft protection and make it easy to enroll.
Establish a relationship with an identity theft protection provider as part of your data breach response plan. If a breach occurs, act quickly to offer this protection to affected customers and use online and phone registration tools to make it as easy as possible for them to enroll.
5. Choose a partner that understands your regulatory environment.
Data breach response regulations are complex on their own. Privacy standards and banking industry regulations add even more complexity, so it’s essential that you choose a data breach response partner that understands your regulatory environment and is familiar with data breach regulations.
If you would like help updating your data-breach response plan, call ITPAC today.