Are You Prepared for a Data Breach? 3 Questions to Ask Yourself
If you've been woken up by a data breach nightmare recently, you wouldn't be the only one. From the federal government to garden-variety cheaters, it seems that no one is safe from hackers these days. For a GC, few things are worse than being notified that the company's confidential data has been compromised.
Don't let yourself be paralyzed by data breach fears, however. Careful planning can help companies avoid data breaches and respond quickly and effectively should they occur. These three questions can help get your legal department started on that process.
1. What Employee Controls Are in Place?
Despite all the attention given to hackers, most data breaches are caused by human error. Yep, those Chinese hackers aren't nearly as much of a threat as your own employees. Employee negligence and theft are responsible for more than half of all breaches. In fact, employee negligence alone accounts for over a third of all breaches.
That means GCs need to pay special attention to employee controls. Workers who handle sensitive data should have sufficient training and oversight to make sure confidential data remains protected. Mandatory IT security training and simple preventative measures can help avoid accidental breaches.
2. Who Controls the Supply Chain?
Often, security risks aren't just an in-house problem. Supply chain risks abound, whether it's from company data being shared with outsiders or potentially compromised products coming in-house. Crafting contractor and supplier agreements with cybersecurity in mind can help you stave off potential breaches.
3. What Will You Do When Breached?
A quick response can be essential to stemming the damage of a data breach. In-house counsel should make sure their companies have a system in place for identifying and responding to incidents as they occur.
But where should you start when planning? Thankfully, your legal department is not the first to have faced such questions. There are plenty of experts out there, ready to share their knowledge -- and they're not always expensive cybersecurity consultants, either!
Take, for example, the offerings of Thomson Reuters, FindLaw's parent company. The newly updated "Thomas on Data Breach: A Practical Guide to Handling Data Breach Notifications Worldwide" offers a concise, helpful guide to breach notification requirements so that you can have a robust plan in place should a breach occur.
An ounce of prevention is worth a pound of cure -- and that goes for both preventing breaches and being prepared should they occur.