Data Security For Contractors: How To Plan And Prepare

June 21, 2022


Cecilia De La Rosa

Construction projects are rife with risks, and contractors know how to identify and mitigate those risks. However, the risk of cyber-attacks is often overlooked by contractors. The industry has traditionally been slow in adopting technology, but the pandemic has accelerated the need for connectivity and data sharing technology. With this increased reliance on technology and the internet, construction companies are more vulnerable to cyber-attacks.

The 2022 Verizon Data Breach Investigations Report reviewed over 23,000 incidents and 5,200 confirmed breaches from around the world. Overall, ransomware attacks increased by 13%, making up 25% of data breaches. Among all incidents, 82% involved the human element, meaning attacks that take advantage of human laziness and fallibility. When it comes to targeting companies, very small businesses (those with 10 or fewer employees) are at particular risk. The number one attack against very small businesses in 2022 was ransomware. The second most common attack was the use of stolen credentials, such as usernames and passwords. Very small businesses are more vulnerable because of their limited resources and the fact that they cannot rely on trained staff to prevent attacks.

To address cyber security and respond to attacks, contractors need to develop a cyber security plan. The plan should identify a company’s response team, including contact information, identify critical business continuity and workplace safety issues, assign roles and responsibilities if an attack should occur, and outline training and practice methodologies. Once developed, the plan should be printed out on paper, as it may not be available electronically if computers are down or compromised.

How to develop a data security plan

Now let’s go over the key steps to developing a data security plan.

1. Identify your response team

Companies should identify both their internal and external data security response team members. Internal company team members may include employees representing management, IT, and human resources. External members may include legal counsel, investigators, vendors, and public relations or marketing companies. These team members will work together to make critical decisions that affect the success of the response and the future of the business. Because valuable time can be lost trying to identify and work with response team members, it’s beneficial to identify them ahead of time and engage third parties as needed.

2. Identify critical business continuity and workplace safety issues

The response team works together to anticipate which processes and safety issues could be jeopardized by a cyber-attack. As much as possible, the team should also develop contingency plans to maintain operations while they are investigating and mitigating the damages.

3. Purchase cyber security insurance

Insurance coverage is available for cyber-attacks. It covers damages for all forms of attack, including ransomware. Contact your business insurance agent to get a quote and coverage details. Once a policy is in place, the first step in your response plan should be to notify the insurance company. They may have additional resources to help you mitigate damages and investigate the incident.

4. Assign roles and responsibilities

The next step is to assign roles and responsibilities to internal and external team members. Plan steps may include investigation, coordination with law enforcement, customer and vendor notification, compliance review, and reevaluation of the plan based on lessons learned.

5. Train all employees

Gather team members together, simulate a data breach incident, and run through the response plan. This will give members valuable experience working together and going through the process of investigation and mitigation. Afterward, the plan should be evaluated and changes made if needed.

5 Tips for avoiding data breaches

In addition to creating a response plan, there are a few things you can do to prevent an incident from happening.

1. Locate your data

Find out where your company data, such as employee data, customer data, and proprietary data, is stored. Knowing the exact location of data within your system may reduce the number of customers or vendors you need to notify if a breach occurs.

2. Update software and hardware

Use only the latest in hardware and software and keep them updated. As new technology and information become available, you will want to stay ahead. By staying current, you reduce risk.

3. Use encryption and VPNs

Data encryption is a best practice within the cyber security industry, but it isn’t enough on its own to protect your company data. Virtual private networks (VPNs) protect privacy online. They encrypt data and hide IP addresses to keep your data and connection safe.

4. Monitor your network

Companies should monitor their networks at all times, so they know whether they have been infiltrated or attacked.

5. Use wire transfers safely

Construction payments often involve large sums of money being transferred between accounts through wire transfers. To ensure the safety of the account information exchanged in these transactions, all wire transfer information should be confirmed by phone or in-person conversation. A wire transfer requested by email should not be sent without verification.

Data security is important for all contractors, especially as more data is now stored electronically. Creating a data security response plan and following best practices will help contractors protect themselves from cyber-attacks.