Data Breach Alphabet Soup
Theodore J. Kobus III published his A to Z of Healthcare Data Breaches, which he presented at the annual American Society for Healthcare Risk Management conference. This list could serve as a basis for, or a model of, your own internal training, and not only for data breaches. Initially I thought of trying to showcase some of them in a silly reference; but I thought it might be too OPAQUE.
O – Overreacting is not going to get you through the event
P – Preparedness is key
A – Accept that it will happen to you
Q – Quit keeping old data
U – Understand the laws that impact your organization
E – Empathize with your customers/patients/employees – how are they going to react to your response?
In all seriousness, Q and A (no pun intended here) are both important, and I wanted to point those two out. If you don’t need the data, as an organization you need to ask yourself, “what are we gaining by keeping this data?” Liability is attached to every piece of information you retain, regardless of whether you use it or not. Having (and following) data retention policies will limit that liability. Accepting that a breach is going to happen is a hard pill to swallow, but it is similar to the emergency preparedness techniques that many organizations routinely practice. As they say, practice makes perfect, even if you never have to use those techniques. Organizations that routinely train for various circumstances are the ones best prepared to handle them. If you accept that a data breach is going to happen, you’ll find yourself equipping and (more importantly) training for how to respond. Whether you attach this to existing emergency practices or not is less important than actually having a response. Many organizations have suffered both from a public relations perspective and financially (fines) because of their seeming lack of response. In the end, training staff on how to deal with data breaches, because you accept that one will happen, will yield positive results from a negative situation. It’s amazing how people remember what to do during emergency situations; I still remember to get under my desk during an earthquake.