Data Breach, the Achilles’ heel of CEOs

3 June 2017 in English, Resilience

Not a week goes by without a sophisticated attack targeting businesses: ransomware or theft of personal or sensitive data.

If managed poorly, a major security incident can result in financial, image and reputation costs. As a study reveals, while more CEOs are getting forced out for ethics violations [1], they are also having to leave because of data breaches [2].

Most of our customers are aware of the risk of a data breach. We help them through targeted actions to prevent this type of incident and to prepare for managing it.
As we have seen on many occasions, awareness-raising actions are more and more common in companies.
Building a crisis response organisation is not an end in itself. You need to practise and update it (particularly the lessons learned).

The reason behind this is that the risk of data breaches will not disappear. This article is intended as the beginning of a response.
It is not meant to provide a turnkey answer that applies to all companies but is intended to illustrate some key challenges that your organisation may be facing.

The sooner your company gets organised and ready, the better it will be able to cope.

Some key actions to be implemented when discovering a violation of personal or sensitive data are:

1 – Collect information about the data breach

Some examples of information to be collected:

  • Date, time, duration and location.
  • How was the data breach discovered, and by whom? Which details are known and which are missing at the beginning of the investigation?
  • Inventory details of compromised or missing data to be updated as the investigation proceeds.

2 – Contain the data breach

For digital or non-digital data, if you have established procedures, apply them here.

If this is not the case, you should rely on expert reports, which will provide you with key actions to implement and guidance on possible risks. In this case, however, a real action plan will have to be developed to eliminate the vulnerability and prevent recurrence.

3 – Analyse all the impacts of the data breach

This means collecting all the information after your investigation to determine the impacts: customers, image and reputation, regulatory and financial.

For some matters, you will have to rely on internal or external expertise.

4 – Communicate

You will have to communicate with several key professionals: lawyers, authorities, insurers, clients, employees, media, …

To do this, it will be necessary to validate different communication strategies, to create a communication plan and to ensure its implementation and its follow-up.

You thought you were done with the main actions! This is not the case!

After the investigation, notification of data breaches and communication actions, we need to follow a new set of actions.

5 – Implement corrective actions

This means implementing all corrective actions to repair the damage caused to your organisation or to the customers concerned: monitoring the data and providing the customers concerned with support or compensation.

6 – Prepare for the litigation which may emerge as a result of this data breach, including court proceedings

Consider potential investigation by authorities on your premises and involving your staff.

7 – Perform a thorough analysis of the data breach to determine root causes in order to strengthen your internal practices

8 – Evaluate the effectiveness of the response to the data breach

This will lead to the revision of the crisis management process and the strengthening of your internal skills.

If you would like a point of view adapted to your organisation, schedule a videoconference meeting: https://www.emoveo.fr/visio/

[1] More CEOs are getting forced out for ethics violations
https://www.washingtonpost.com/news/on-leadership/wp/2017/05/15/more-ceos-are-getting-forced-out-for-ethics-violations/?utm_term=.9313e45b8e6c

[2] Data breaches often result in CEO firing
http://www.csoonline.com/article/3040982/security/data-breaches-often-result-in-ceo-firing.html

US Target Gregg Steinhafel fired for data breach
http://www.news.com.au/finance/business/retail/us-target-gregg-steinhafel-fired-for-data-breach/news-story/f88439193e0ec4a8b324edc5f1cb89c5

By Jean-Marc Sépio, emoveo
