2015 was marked by far too many digital security breaches, a trend that every organization hopes to see reversed in the coming year. Unfortunately, it is unlikely that we’ll be able to stop them all. In this digital era, security breaches are part of the new normal.
So what should you do when facing a security breach? The most important thing that you can do is stay calm. If you keep your wits about you, you will be better able to approach the problem and implement a solution to protect your organization. Here is how to move forward in the face of a digital security breach.
Plan ahead. While you may not be able to plan for the exact details of a security breach – if you could, then you could prevent it from happening – what you can do is prepare a preliminary plan of action for any future breach. Write out a general timeline for what actions need to take place and in what order. This way, when something does happen, you do not lose any time giving direction. All you need to do is to fill in the specifics of the event.
Communicate clearly and calmly. When a data breach does occur, it is important to prioritize communication with your team and with your clients. Start with your team. Describe the event, review the plan of action, and make sure that everyone is clear on his or her role. It can be worth it to sit everyone down to discuss the breach rather than send emails about the issue. This allows people to ask questions in real time rather than sending lots of follow-up messages.
After you have alerted your team, everyone can split off to appropriate tasks ranging from developing a patch to prevent system attacks to calling high-profile clients. You will also need to contact a range of other people, including legal representatives, police and possibly federal agencies, depending on the size of the breach. Additionally, make sure your public relations department is ready to issue a statement and field phone calls. Give them a quick FAQ sheet and a directory of who to call about which issues. By preparing public relations as well as you can, you avoid clogging up other employees’ lines with client issues.
Talk and train. While a security breach tests training effectiveness on the ground, this is also a good opportunity to schedule follow-up training. Then, while working to resolve this breach, note the areas in which employees struggle. These should be central to your next training session.
You should also contact some of your industry peers to find out what they do to prevent security breaches. This does not mean that you need to mimic their strategies, but if you know that someone is using a different approach, you should document clearly why you are doing something else. That way, if you do suffer a breach, you have demonstrated a well-thought-out strategy rather than an arbitrarily chosen system.
Big fixes, small details. Ultimately, when your organization suffers a data breach, it is important to focus your attention on two issues: the big problems that need to be remedied immediately and the small problems that contributed to the breach but were overlooked during earlier development phases. Start big, and then shift to the small to protect yourself now and down the road.
As organizations become more attuned to security risks and how to prevent them, many are hoping that 2016 holds fewer hacking incidents. But to make this dream a reality, every organization will need to regularly assess its security systems and breach preparation. Failure to plan is planning to fail, so put that plan in place now.