Security breaches are quite prevalent in the media today. Many security experts feel it’s not a question of if your company will suffer a breach of your information, but when. A panel at the NIBA Annual Members Meeting recently explored this topic.
Preparation for a potential event is key to being able to address it. Information Technology (IT) enterprises of all sizes need to know exactly what data they have, where it is stored, and what the potential threats to the data are. Even small companies need to pay attention to the basics of securing their computing environment. These include:
• Timely patching of operating systems and other software
• Using strong passwords for machine access
• Performing backups of critical data
• Protecting sensitive data through full disk or file encryption
• Using a host-based firewall and anti-virus software
• Learning to recognize phishing and other scams
Drafting an incident response plan before a breach occurs is key. Companies should understand what mechanisms they will use to identify that a breach has occurred, who will be involved in the investigation, and how the incident will be addressed. Developing relationships, before an incident happens, with the external experts you may want to call on during one will smooth the path for addressing the breach.