In recent years, many of the biggest companies in the world have been victims of major data breaches. During that same time, thousands of small- and medium-sized businesses, including non-profit organizations, have also had their data compromised. Whether your organization is large or small, it’s critical to be prepared for a data breach. These steps can help.
Step 1 – Create a Breach Response Team. This cross-functional team should coordinate efforts throughout an entire enterprise and be the primary contacts should a breach occurs.
Step 2 – Assess storable data. It’s critical that know what information is being stored so an appropriate response can be launched. Here’s what’s critical to know:
• What type of data is being held about members, contributors, employees and vendors?
• Where is that data stored?
• Which systems handle this data, and are their security protocols and tools current?
• Which team members are responsible for each of those systems?
• Do any third parties handle your member data?
Step 3 – Assess existing liabilities and obligations. Once the sensitive information in data files is known, suitable action can be taken on behalf of the parties who must be notified in a timely manner. Who must be notified and when? Who are you required to notify? How soon do they need to be notified?
Step 4 – Create a contact list. Identify stakeholders who need immediate notification. That may include:
• Team members to be available to respond to unexpected necessities.
• Legal advisors to ensure all obligations are identified and included in the plan.
• All key contributors and partners who need to be informed or advised of a breach.
Step 5 – Create a communication plan. The sooner your members are alerted, the better the long-term outcome. Essential to communication are:
• How and when members are alerted
• Who will address key contributors
• How and if the media will be informed of this information
Step 6 – Don’t Panic. If a breach does occur and the above plan is in place, the response should be automatic:
1. Contact the Breach Response Team and trust them to execute their tasks.
2. Identify the data that has been compromised and take immediate steps to stop the breach and/or take the data offline.
3. Contact legal advisors to ensure all necessary legal steps are prepared.
4. If necessary, tailor a communication plan according to legal notification requirements.
5. Follow the detailed communication plan and alert the affected stakeholders (members, vendors, contributors, etc.).
This article is part of our continuing series to help our members better understand how to prepare and respond to a data breach. Look for our next article, “Shining a Light on the Dark Web”. Coming soon: Product solutions to help you prepare and respond to a data breach. Current First Nonprofit members and clients have access to Cyber Monitoring at no charge. Members can sign up here: http://firstnonprofit.com/cyber-monitoring-benefit-sign-up-form/