Open Enrollment | Subscribe to Target Marketing HERE
Connect
Follow us on
Advertisement
 

How To Prevent a Customer Data Breach Disaster ... and What To Do When You Fail

March 2, 2011 By Heather Fletcher
Get the Flash Player to see this rotator.
 

1. Data classification: Audit the data being retained, where is it stored and how it should be destroyed. "Today, marketers collect, use and append a great deal of data, yet often do not have the discipline of knowing what is stored, who has access to it or where it is stored. ... They need to employ measures to protect the data (i.e. encryption) that is in transit (moved to service providers or employees) or at rest (stored or archived), and data that is in use."

2. Implementing data loss prevention technologies: Ninety percent of breaches can be prevented through best practices. According to Spiezle, "there are several best practices that are often overlooked or not adequately maintained," including:

  • use of Secure Socket Layer (SSL), an encryption protocol for Internet communications, for all data collection forms;
  • extended validation SSL certificates for all commerce and banking applications;
  • data and disk encryption;
  • multilayered firewall protection;
  • encryption of wireless routers;
  • default disabling of shared folders;
  • dual factor authentication to limit or control access;
  • security risks of password reset and identity verification security questions;
  • upgrading to browsers with integrated anti-phishing and anti-malware;
  • email authentication to help detect malicious and deceptive email and websites;
  • upgrading to current browsers;
  • enabling privacy and data collection controls;
  • automatic patch management for operating systems, applications and add-ons;
  • inventory system access credentials;
  • remote wiping of smartphones; and
  • use of Domain Name System Security Extensions (DNSSEC).
3. Creating an incident response team, which should have:
  • a corporate officer or executive with broad decision-making authority;
  • representation of all key internal organizations;
  • "first responders" available 24/7, in the event of an after-hours emergency;
  • a spokesperson trained with media and incident response who has a deep understanding of operations and security;
  • a team of appropriately trained employees;
  • someone who has access and authority to key systems for analysis and back-up;
  • the appropriate authority and access to management to take actions that may require higher-level approvals; and
  • a summary of key contacts, including after-hour numbers for both internal and external contacts, outside legal counsel, and the PR agency.
4. Creating a project plan that addresses:
  • Who, internally and externally, needs to be informed and when?
  • What data do you or your partners hold and how have you protected it?
  • What changes need to be made to your internal processes and systems to help prevent a similar breach from reoccurring?
  • How damaging will the loss of confidential data be to your customers or partners?
  • How damaging will the loss of confidential data be to your business and employees?
  • What level(s) of law enforcement should be involved?
  • Are the answers above the same for all of your customer segments?
5. Who needs to be notified? Should you notify stockholders, consumers, partners, regulatory agencies and/or law enforcement agencies?

6. Drafting and communicating responses: "The goal is to create templates and draft documents, Web pages, FAQs and other supporting materials in advance," says Spiezle. Those can include:  
  • internal communications;
  • partner communications;
  • phone scripts;
  • on-hold messages;
  • spokesperson training;
  • email and letter templates; and
  • website and FAQs.
7. Providing assistance and remedies to customers or partners affected by the data breach: "This can range from credit reports to ID theft mitigation services," says Spiezle. "The need is based on the breach type and information disclosed."
 
 

SPONSORED CONTENT

MORE ON DATABASE, LISTS AND CRM >>

FROM THE BOOKSTORE

A guide to delivering a better user experience through A/B testing: Offers best practices and lessons learned from over 100,000 experiments run by over 2,000 Optimizely customersDetails a roadmap for how to use A/B testing to personalize your customer's web experience and a practical guide to start A/B testing todayAuthors Dan Siroker and Pete Koomen are cofounders of Optimizely.com, an user-friendly testing system that more than 2,000 organizations use A/B Testing: The Most Powerful Way to Turn Clicks Into Customers

A guide to delivering a better user experience through A/B testing:
Offers best practices and lessons learned from over 100,000 experiments run by over 2,000 Optimizely customersDetails a roadmap for how to use A/B testing to personalize your customer's web experience and a practical guide to start A/B testing todayAuthors Dan...

ORDER NOW

One of the only books for fundraisers on monthly giving! Tips on how to make monthly giving work alongside other fundraising effortsHow to acquire monthly donors through different channels such as email, social media, direct mail, television and radioAnd much, much more! Monthly Giving: The Sleeping Giant

One of the only books for fundraisers on monthly giving! Tips on how to make monthly giving work alongside other fundraising effortsHow to acquire monthly donors through different channels such as email, social media, direct mail, television and radioAnd much, much more!...

ORDER NOW

 

COMMENTS

Click here to leave a comment...
Comment *
Most Recent Comments: