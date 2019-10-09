Infosecurity Group Websites

#ACS19: Make Your Friends and Plans Before the Breach

Preparing for data breach response should involve practising with third parties, and repeating the processes. 

Speaking at the ATM & Cybersecurity 2019 conference in London, Mark Whitehead, head of customer breach support at Deloitte, said that “reputation is an ethereal thing” and hard to control.

He said that reputation is fundamentally based on two things, what you do and what you say, and that how you perform should also be considered. “If you don’t do everything you can, you’re losing the ability to influence in the first place,” he said. “In terms of how you plan and how you prepare, your role and influence becomes incredibly important and brand and reputation means a lot more than you think it does.”

He recommended having the following steps in place, as “no matter how good you get it, you will never be famous for doing it well, but you will be infamous for doing it badly.” These were:

  • Communications – How do you get out ahead of social media? Don’t develop messages on the fly
  • Speed – This is of the essence: if you don’t respond quickly, you will be behind the message and the press
  • Capacity and Capability – Your capability is designed and sized to support ‘business as usual’, so consider how to manage that and support those customers who are affected
  • Identity Protection and Repair – Your insurance will cover this, but only 10-20% of customers will take this opportunity up, so consider whether it is an effective means of protecting customers
  • Professional Expertise – Whether it is a law firm, crisis communications or a claim team, it is important to have professional entities of people who have been through the process before

Whitehead said breach response preparation was a classic case of “make friends before you need them” in the event of a crisis. Pointing at the Information Commissioner’s Office, he said that the guidance from the EU to the supervisory authorities is clear on the 11 criteria used to assess organizations after a data breach, to determine whether a fine is relevant and what the size of the fine should be.

One point states that “any action taken by a controller to mitigate the damage suffered by data subjects” should be considered, and of the 11 criteria, “this is the only one to talk duty of care to data subjects.” 

Whitehead said that, if you have exercised duty of care, you may or may not get a fine. “So worry about duty of care and your customers; not just because from a brand and reputation perspective, as if you don’t look after them they will go elsewhere,” he said. “But you should also worry about your duty of care as it is the tipping point for the supervisory authorities to decide on the size of the fine.”
