Unfortunately, the nature of modern government and contractors is that a data breach is likely a matter of “when” instead of “if.” There are some scenarios when silence is the right solution, but we believe that most data breaches should be communicated to stakeholders as quickly as possible – not just to protect yourself legally, but because it is the right thing to do. Make a conscious decision ahead of time on how you will handle it. Execute the steps and update stakeholders on progress.ĭata security is not just an IT issue it’s a business risk.Develop and announce concrete steps for mitigating the damage and securing data better in the future.Explain your response and why it was correct.Share important data about the nature of the crisis and provide good news if possible.A cover-up is usually far worse than the mistake itself. Acknowledge the facts, and don’t try to hide the breach.When a breach does happen, these five steps will help plug the technical leaks and mitigate brand damage: It’s hard to earn trust during a crisis, especially one as impactful as people’s information being compromised, which is why we recommend building trust ahead of time. Agency heads, Congress, regulators, and watchdogs should be aware of what you’re doing and why. The second prong is to inform stakeholders about what you’re doing to protect their data. The first prong is to identify the kind of data that can be breached and assess its impact on national security and private citizens’ safety.ĭoing this ahead of time will ensure you respond faster and better during a breach, because you don’t want the first time you think about navigating a breach to be during the real event. User training is one of the least expensive and most effective ways to prevent a data breach.Ī two-pronged pre-breach communications strategy also is necessary. Many data breaches are a result of social engineering (manipulating someone into revealing information or performing other detrimental actions – through techniques like email phishing or faking a text from the CEO). In addition to the legal/regulatory controls that the law requires, administrative solutions include security awareness training for your staff to avoid social engineering attacks. Or they may include personal data (such as a home address) in the body of an email from a call center representative.ĭLP systems monitor the data of the system in use, in transit, or at rest to detect attempts to steal the data from places like email, messaging apps, Excel files, cloud applications, and databases. ![]() Or they may overshare data with their contractor, unnecessarily exposing people’s personal data. They may email a spreadsheet to their personal email so they can finish work at home. Many times, a data loss or data breach is the result of your team or employees attempting to do their job and inadvertently exposing data. So will proper firewall configurations, network intrusion detection systems, and the right set-up for your cloud managed service.ĭata loss prevention (DLP) solutions are a special type of technical solution that warrants its own category. ![]() However, basic security preparation and planning should be on everyone’s agenda.ĭigital solutions like anti-virus programs, proper usernames and passwords, and patches on endpoints like desktops and point of sale terminals will ensure across-the-board protection and will prevent human error from exposing information. ![]() There is no “one size fits all” for effective security measures for federal agencies and contractors. Vigilance and preparation can solve most data breach risks, including how agencies and contractors should communicate breaches to the public. That’s why many data breaches can be prevented with straightforward policy changes, use of effective cybersecurity technology, and security training. They happen despite agencies’ and contractors’ best of intentions, through accidents, lack of security awareness, or social engineering attacks from external threats. ![]() He is a classic example of an “insider threat,” someone who maliciously and intentionally takes actions to breach data.īut most government data breaches aren’t nearly so spy-movie ready. Massachusetts Air National Guardsman Jack Teixiera’s arrest for leaking Pentagon data has made headlines for weeks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |