What is Impact Reduction?

While the majority of successful companies of today are aware of common security issues and put considerable effort towards preventing them, no set of security practices is 100% efficient. Because a breach is likely to happen if the prize is big, companies and organizations must also be prepared to contain the damage.

It is important to understand that the impact of a breach is not only related to the technical aspect of it, stolen data, damaged databases, or damage to intellectual property, the damage also extends to the company’s reputation. Responding to a data breach is a very dynamic process.

Below are some important measures a company should take when a security breach is identified, according to many security experts:

    Communicate the issue. Internally employees should be informed of the problem and called to action. Externally, clients should be informed through direct communication and official announcements. Communication creates transparency, which is crucial in this type of situation.

    Be sincere and accountable in case the company is at fault.

    Provide details. Explain why the situation took place and what was compromised. It is also expected that the company take care of the costs of identity theft protection services for affected customers.

    Understand what caused and facilitated the breach. If necessary, hire forensics experts to research and learn the details.

    Apply what was learned from the forensics investigation to ensure similar breaches do not happen in the future.

    Ensure all systems are clean, no backdoors were installed, and nothing else has been compromised. Attackers will often attempt to leave a backdoor to facilitate future breaches. Make sure this does not happen.

    Educate employees, partners, and customers on how to prevent future breaches.