By: Paul Reissner
In April 2018, a Personally Identifiable Information (PII) breach associated with Panera Bread Company’s customer loyalty and delivery programs came to light. Millions of records had been publicly accessible for at least eight months, including customer emails, addresses, and payment card details.
With mega-breaches at Equifax (disclosed September 2017, roughly 143 million records) and Yahoo (August 2013, later confirmed at 3 billion accounts) becoming more common, it is tempting to assume that only large organizations are targets, or that data from a few years ago no longer matters. Neither assumption holds: all data has value to an attacker, data that has been exposed online can circulate indefinitely, and the missteps of these companies offer ample opportunity to develop or improve your own incident response procedures.
A recent Ponemon/IBM report found that the average time to detect a breach is 191 days, with an additional 66 days needed to contain it. In Panera’s case, one of the biggest factors in the delay was a lack of established trust between the security researcher who reported the flaw and the organization: Panera’s Security Director initially believed the researcher was attempting to scam the company, a common knee-jerk reaction when a vulnerability is disclosed from outside. While we do not know what internal policies were in place or what lasting impact the breach will have on the company and its clientele, the handling of this situation highlights the importance of corporate governance in Information Security.
Formally adopted and regularly updated policies establish the framework within which administrative safeguards are implemented and provide guidance for technical controls. Breach handling is typically addressed by an Incident Response (IR) plan, often outlined in an Information Security Policy, which should also include provisions for assessing notifications that originate from a third party. Organizations of every size and regulatory profile hold confidential data (client lists, billing information, the “secret sauce” that gives them a competitive edge) that requires protection, and all of them benefit from an IR plan. The impact of that data falling into the wrong hands varies, but it is never positive and can do lasting damage to an organization’s reputation.
It is crucial that processes are in place for responsible breach disclosure, both to your organization and to your clients. Proactive processes help maintain the trust relationship you have with your clients, employees, and the public. The specifics of any process or plan are dependent on your business needs; however, here are some recommended steps:
1. Establish a channel. Create a mailbox that is regularly monitored by one or more employees designated as members of your IR team. A “security@” address at your domain (the role mailbox defined in RFC 2142) is what security researchers expect to find, and it should be referenced on your website.
2. Verify and validate every notification before acting on it, and be wary of demands for compensation. Responsible disclosure means the details of the issue are shared freely; a report that withholds them until you pay is not responsible disclosure.
3. Once a report is validated, conduct a risk assessment to determine the impact of the issue and create a plan to mitigate it.
4. If the issue affects your clients, inform them, before or during the actual mitigation, of what steps are being taken to address it and to prevent it from recurring.
It would be unthinkable to wait until a disaster strikes to write a disaster recovery plan; after all, failing to plan is planning to fail. The same applies to security: establish plans and procedures before an incident occurs. There is no “one size fits all” answer, but solutions such as advanced endpoint protection, Unified Threat Management (UTM) appliances, and Security Information and Event Management (SIEM) platforms provide greater insight into activity on your network and a higher level of protection than traditional anti-virus and firewalls alone. Regardless of which solutions are in place, being proactive and having strong governance will help your organization succeed.
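As an added example (not part of the original post), the contact point described above can be published in machine-readable form as a security.txt file (RFC 9116), served at /.well-known/security.txt on your site so researchers and automated scanners can find it. The domain, URLs, key location and expiry date below are placeholders.

```text
# /.well-known/security.txt (RFC 9116). Example only: example.com and every URL here are placeholders.
Contact: mailto:security@example.com
Contact: https://example.com/security/report
Expires: 2026-12-31T23:59:59.000Z
Encryption: https://example.com/security/pgp-key.txt
Policy: https://example.com/security/disclosure-policy
Preferred-Languages: en
Canonical: https://example.com/.well-known/security.txt
```

Contact and Expires are the only required fields. Point Contact at the mailbox your IR team actually monitors, not a marketing inbox; keep Expires less than a year out and set a reminder to renew it, since an expired file tells a researcher the channel may be unattended; and publish a Policy URL so the “shared freely, no compensation” expectation from step 2 is stated up front rather than argued over after a report arrives.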