Mandatory Data Breach legislation: Do you have a Data Breach Response Plan?

[one-half-first]22 February 2018 is fast approaching, and with it the new Data Breach Laws.

If you run a business, you need to be aware of your obligations under this new law.  One part of this obligation could be to have a response plan. Failing to disclose a breach can leave individuals and business subject to significant fines for non-compliance. So what should a plan look like?[/one-half-first][one-half]

[/one-half]While every plan needs to be tailored to the individual business needs, some common things to consider in your plan might include:

1. How to determine a suspected breach?
2. What should the staff member who detected the breach do?
3. What should the Company Directors do?
4. How do you contain the breach?
5. How do you determine the risks associated with the breach?
6. Who needs to be notified?
7. How do you prevent further breaches?

The legislation does vary across industries, so it is also worth checking with your relevant industry association as to what you may need to do.  If you are in the Financial or Medial industries, you may also have additional obligations.From an IT perspective, we believe that prevention is also imperative to reduce your risk.There are a number of strategies and technologies that Greenlight has put in place that can significantly reduce the likely hood of your systems being compromised. Some of the technologies we already deploy for our clients include:

1. Penetration tests – when was the last time a ‘white hat’ hacker tried to breach your network?
2. Phishing campaigns – We have software to send fake malicious emails and provide video training to anyone who gets tricked into downloading our fake malware.
3. 2-factor authentication – to increase password security by requiring a second form of authentication, such as a mobile device.
4. Mobile device management – So we can remotely wipe your phone or laptop if it gets lost or stolen.
5. Single Sign on – a system to sign onto every cloud platform with a single login, meaning that your users never need to know more than one password.

There is no silver bullet, the threat landscape is constantly changing, and the rise of crypto-currencies and ransomware is only adding fuel to the fire.  However if you combine all of the five items above, the your systems will be harder to compromise and an It team may be able to mitigate any damage quickly, thus protecting your business.If you would like help in formulating a Data Breach Response Plan, or improve the security of your systems in response to this new law, please talk to your Greenlight account manager or contact our sales team for further assistance.