Target Marketing

You will be automatically redirected to targetmarketingmag in 20 seconds.
Skip this advertisement.

Advertisement
Open Enrollment | Subscribe to Target Marketing HERE
Connect
Follow us on
Advertisement
 

How To Prevent a Customer Data Breach Disaster ... and What To Do When You Fail

March 2, 2011 By Heather Fletcher
Get the Flash Player to see this rotator.
 

1. Data classification: Audit the data being retained, where is it stored and how it should be destroyed. "Today, marketers collect, use and append a great deal of data, yet often do not have the discipline of knowing what is stored, who has access to it or where it is stored. ... They need to employ measures to protect the data (i.e. encryption) that is in transit (moved to service providers or employees) or at rest (stored or archived), and data that is in use."

2. Implementing data loss prevention technologies: Ninety percent of breaches can be prevented through best practices. According to Spiezle, "there are several best practices that are often overlooked or not adequately maintained," including:

  • use of Secure Socket Layer (SSL), an encryption protocol for Internet communications, for all data collection forms;
  • extended validation SSL certificates for all commerce and banking applications;
  • data and disk encryption;
  • multilayered firewall protection;
  • encryption of wireless routers;
  • default disabling of shared folders;
  • dual factor authentication to limit or control access;
  • security risks of password reset and identity verification security questions;
  • upgrading to browsers with integrated anti-phishing and anti-malware;
  • email authentication to help detect malicious and deceptive email and websites;
  • upgrading to current browsers;
  • enabling privacy and data collection controls;
  • automatic patch management for operating systems, applications and add-ons;
  • inventory system access credentials;
  • remote wiping of smartphones; and
  • use of Domain Name System Security Extensions (DNSSEC).
3. Creating an incident response team, which should have:
  • a corporate officer or executive with broad decision-making authority;
  • representation of all key internal organizations;
  • "first responders" available 24/7, in the event of an after-hours emergency;
  • a spokesperson trained with media and incident response who has a deep understanding of operations and security;
  • a team of appropriately trained employees;
  • someone who has access and authority to key systems for analysis and back-up;
  • the appropriate authority and access to management to take actions that may require higher-level approvals; and
  • a summary of key contacts, including after-hour numbers for both internal and external contacts, outside legal counsel, and the PR agency.
4. Creating a project plan that addresses:
  • Who, internally and externally, needs to be informed and when?
  • What data do you or your partners hold and how have you protected it?
  • What changes need to be made to your internal processes and systems to help prevent a similar breach from reoccurring?
  • How damaging will the loss of confidential data be to your customers or partners?
  • How damaging will the loss of confidential data be to your business and employees?
  • What level(s) of law enforcement should be involved?
  • Are the answers above the same for all of your customer segments?
5. Who needs to be notified? Should you notify stockholders, consumers, partners, regulatory agencies and/or law enforcement agencies?

6. Drafting and communicating responses: "The goal is to create templates and draft documents, Web pages, FAQs and other supporting materials in advance," says Spiezle. Those can include:  
  • internal communications;
  • partner communications;
  • phone scripts;
  • on-hold messages;
  • spokesperson training;
  • email and letter templates; and
  • website and FAQs.
7. Providing assistance and remedies to customers or partners affected by the data breach: "This can range from credit reports to ID theft mitigation services," says Spiezle. "The need is based on the breach type and information disclosed."
 
 

SPONSORED CONTENT

MORE ON DATABASE, LISTS AND CRM >>

FROM THE BOOKSTORE

You have a worthy project AND you’ve identified a prospect with means. How do you connect the two in a way that produces a sizable gift? Jerold Panas, America’s premier fundraiser, shows you exactly how in How to Make a Case Your Donors Will Love. Making a Case Your Donors Will Love

You have a worthy project AND you’ve identified a prospect with means. How do you connect the two in a way that produces a sizable gift? Jerold Panas, America’s premier fundraiser, shows you exactly how in How to Make a Case Your Donors Will Love....

ORDER NOW

You know you need to gather donor data. But why? And more 
importantly, how? And even more importantly, what do you do with it once
 you've gathered it? Are you gathering too much? Or the wrong kind?
	This new 
	FundRaising Success
	webinar brings the case-study format of our popular Engage conference 
to an extended, value-added webinar that will dig deep and give 
nonprofits guidance on the best ways to gather and use donor information
 — as well as take the mystery and trepidation out of the whole issue.
	Featuring:
	Page Bullington, Target Analytics; Mazarine Treyz, "The Wild Woman of 
Fundraising and Social Media"; and Roger Hiyama, Russ Reid
	Duration: 75 minutes
	Cost: $19.95AVAILABLE ON-DEMAND UNTIL 9/9/14
	Click here to view this webinar today! Engage Virtual Workshop: Driving Donations with Data

You know you need to gather donor data. But why? And more importantly, how? And even more importantly, what do you do with it once you've gathered it? Are you gathering too much? Or the wrong kind? This new FundRaising Success webinar brings the case-study format of our popular...

ORDER NOW

 

COMMENTS

Click here to leave a comment...
Comment *
Most Recent Comments: