Guide to Data Breach Best Practices

Thursday, January 23, 2014 @ 05:01 PM gHale

Data breaches remain a huge area in need of protection, and a new set of best practices is out to help stem the tide of this growing but avoidable type of attack.

Leveraging preliminary year-end data from the Open Security Foundation and the Privacy Rights Clearinghouse, the Online Trust Alliance (OTA) estimated in its guide over 740 million records suffered exposure in 2013, making it the worst year in terms of data breaches recorded to date.

And yet, after analyzing 500 breaches over the past year, the OTA found 89 percent of all breach incidents were avoidable had basic security controls and best practices been enforced.

“Businesses and organizations have a responsibility to protect consumer privacy and prevent data breaches from aggressive cyber thieves,” said Washington State Attorney General Bob Ferguson. “Consumers deserve to know who they can trust. The Online Trust Alliance arms organizations with critical information to reduce cyber risk and protect consumers.”

The annual guide is being published in advance of Data Privacy Day, Jan. 28, which the OTA commemorates by holding town hall forums and workshops led by cyber security and privacy experts in New York, San Francisco and Seattle. These events come on the heels of several high-profile data breaches victimizing Target Corporation, Neiman Marcus and Adobe — a trend that undermines online trust and underscores the need to implement best practices.

“Data breaches are nothing new and have been around for quite some time; however, what we are seeing is a significant increase in incidents that not only harm consumers, but businesses as well, leading to a breakdown in consumer trust,” said Tim Rohrbaugh, OTA Board Member.

“Having a rigid, black and white approach to security controls and monitoring and being unprepared for an incident will cost businesses more in the end. These town halls are a great venue for business leaders in all sectors to come together and share best practices in improving security controls, customer data management, and data breach incident reporting,” Rohrbaugh added.

According to the guide, best practices can only take hold when companies stop being complacent about merely meeting minimum compliance standards for data protection. Instead, they must meet the far loftier data privacy expectations of their own customers by adopting a comprehensive data stewardship strategy that safeguards data across its entire lifecycle, from collection to deletion.

Such efforts go hand in hand with developing an effective Data Incident Plan (DIP), a playbook an organization can deploy at a moment’s notice that delineates the proper steps to take when a breach happens. Businesses must quickly assess the nature and scope of an incident, contain it, mitigate the damage and notify all parties, including law enforcement and customers.

“Consumers and businesses are both victims of rapidly escalating hacking attacks, and as stewards of consumer data it’s incumbent on businesses to adopt best practices to help protect consumers from harm,” said Craig Spiezle, executive director and president of the Online Trust Alliance. “Those companies that fail to do so need to be held accountable, by consumers, regulators and stockholders.”

OTA’s 2014 Data Protection & Breach Readiness Guide is available from the Online Trust Alliance.
