Triaging Data Breaches
By Mark Antali, BDO
A data breach is one of the worst things that can happen to nonprofit organizations, their clients, donors and volunteers. When malicious perpetrators gain unauthorized access to financial information or other personal data, they can steal identities, exfiltrate intellectual property and cause reputational damage that will affect the organization for years to come.
Information sharing is fundamental to virtually every aspect of business. As an organization grows, information sharing grows along with it—with vendors, contractors, partners and customers. And every one of these relationships presents a new set of potential vulnerabilities.
Data breaches are increasing in frequency and can be potentially catastrophic to an organization; therefore, the need for data protection, as well as the way in which it is implemented, must be balanced thoughtfully against strategic and operational needs.
However, given that data breaches are virtually impossible to stop, it is imperative for organizations to build, maintain and follow a sound breach response program. To accomplish this, BDO developed a two-part series with a step-by-step methodology to effectively respond to incidents and maintain a program that allows the organization to respond in the wake of a crisis.
Series One
1. Identify, Understand and Communicate – Processes to identify the potential threat, gain an understanding of the threat and its potential impact, and communicate with the appropriate agencies and other involved or impacted parties.
2. Respond and Contain – Responses and efforts to contain or limit data breaches can have significant impacts on an organization’s ability to recover from the incident.
Series Two
1. Perpetuation – Preservation of evidence will assist in remediating the current breach and may aid in identifying future attempted breaches.
2. Notification and Identity Monitoring – Through internal or third-party services, affected parties can be notified of any activity related to their personal information and efforts to remediate and reduce potential impact.