Data breaches are inevitable these days, which is why having a well-defined incident response plan and team in place is a necessity.
Addressing the Human Element
Without a doubt, employees are the weakest link in the security chain. While businesses have done an excellent job during the last decade of improving the process and technology aspects of IT security, many of them have fallen short in properly training their own employees on how to protect company data.
The curious and fallible nature of humans demands that companies train their employees about the appropriate security concerns. Bring your own device (BYOD) also complicates matters as employees create new risks by accessing and storing company data via their own mobile devices including laptops, phones and tablets. Employees must be educated and motivated to think about and understand the possible security risks and consequences associated with their behavior, whether it's clicking on a link in a phishing email or wrongfully using a public Wi-Fi network.
Preparing for the Inevitable
It is critical that an organization be aware of new and emerging security risks and, where possible, of methods to address them. Yet, even with all the standard precautions in place, data breaches will continue to happen. Organizations will always be vulnerable, but how they prepare for the inevitable breach can help ease the pain when it occurs. Preventative measures will minimize disruption to customers, operations and productivity, and aggressively managing the security breach will yield a much more desirable outcome.
About the Author
David Barton is a managing director at UHY Advisors, and leads the Internal Audit, Risk and Compliance practice. He is an expert in information security and technology risk and controls. You can reach him at firstname.lastname@example.org and follow him on Twitter at @ITcontrolsfreak.