
There was a point, a few years ago, when the language among security professionals evolved from talking about how organisations should prevent data breaches to how they should respond when a breach inevitably does happen. The necessity of that shift is underlined by a recent report from SecureLink and the Ponemon Institute, which shows that half of organisations have been breached by a third party in the last 12 months.

According to Paul Balkwell, Vice President – International at ZIX | AppRiver, such alarming stats don’t mean that organisations should give up on preventing breaches, far from it.

“The report shows that a number of breaches can be attributed to outsourcing business functions to third-party vendors,” says Balkwell. “While that seems like an easy win for businesses, there’s a cost and a very real threat to granting third parties access into your internal systems and networks.”

“That’s true of many aspects of business,” he adds. “A short-term cost-cutting measure can end up costing the organisation if it results in a data breach.”

Balkwell also points out that this is especially true when it comes to implementing security measures.

“No organisation should simply trust the default security measures that come with the products and services they use,” he says. “They should also make use of third party security firms that offer 24/7 support, offer threat detection and response, secure backups, and keep you compliant with regulations.”

Even with all of that in place, a data breach response plan is still critical.

“The first step in such a plan is to have a data breach response team in place,” says Balkwell. “The team should be drawn from departments across the organisation, including customer care, executive leaders, IT, and HR. This team should also include external partners (if you don’t have them internally) such as legal counsel, communications, forensics, and your technology providers. Everyone in this team should be aware of what responsibilities they have when it comes to responding to a data breach”.

Once the team is in place, simulating different breach scenarios helps its members practise working together to execute the planned response.

“While there may be some technical work that needs to be done in the event of a breach, the real emphasis should be on communication,” he adds. “Internally, everyone within the organisation should have an accurate idea of what caused the breach and what steps are being taken to minimise the damage and secure customer records. While employees may not talk to the press, they will talk among themselves as well as to friends and family. If they have a clear idea of what’s going on, they can help create a sense of calm and avert unnecessary panic”.

According to Balkwell, it’s also important that organisations include communication with regulators and legal authorities in their breach response plans.

“There are a couple of important reasons for this,” he says. “First, it is increasingly a legal requirement — thanks to legislation such as GDPR — that organisations inform authorities of breaches. Secondly, having a good relationship with regulators and legal authorities means that they can guide the organisation and its impacted customers on whether they need to take any additional steps to those already being undertaken.”

Perhaps the most important part of the response plan, however, is customer communication.

“Security breaches that compromise customer data almost always negatively affect customer confidence,” says Balkwell. “In order to regain that confidence, it’s vital that organisations get information out as quickly as possible — either as reassurance or as notification that their personal information has been breached, and what they should do about it. No matter who it’s addressed to, this communication should be calm, informative, and factual.”

Stay safe and refine

Ultimately, an organisation’s data breach response plan should allow it to go into ‘safe’ mode in the event of a breach. This, in turn, should allow it to run system checks to identify the breach, alert a task team and communicate to affected parties, service teams, the information regulator, and media accordingly.

“In order for this to happen,” Balkwell says, “it’s vital that the plan is repeatedly tested and refined. This not only stops people getting complacent, it helps keep the plan fresh in the face of new threats and employee turnover.”

“Backing up regularly and securely is also critical to breach recovery,” he concludes. “Your backup provider should be able to address the unique needs of laws such as GDPR and any others that impact the jurisdiction you operate in. This includes, but is not limited to, its choice of data centre, data encryption, at-rest and in-transit rules, and the ability to purge backups. Additionally, adopting a backup provider shouldn’t impact on your organisation’s ability to do business.”
