Five Tips to Minimize (and Even Eliminate) a Data Breach
By Brian O'Connell
With news that the U.S. Postal Service was recently hit with a major data breach, other government bureaus and agencies are revisiting their data security plans, and with good reason.
According to Privacy Rights Clearinghouse, which tracks public government agency data breaches, 27 agencies experienced a data attack in 2014. These breaches exposed approximately 1.73 million data records (including bank account and Social Security information) belonging to U.S. residents.
What security issues can be addressed in order to thwart these attacks? The best-laid plans involve expanding the authority of agency managers and centralizing your agency's data security implementation in the event of a breach, among other actionable strategies.
To that end, here’s a list of five “must-do’s” for government agencies looking to mitigate, and even halt, serious technology data breaches:
1. Install a “point person.” Ideally, government agencies should appoint one primary decision maker to address agency data breaches. All projects and processes should go through the manager’s office, and ideally, that manager should either be the agency’s information technology (IT) director or chief security officer (CSO).
2. Create and maintain an agency-wide data privacy policy. A blueprint for battling potential data breaches is also a high priority, specifically a data privacy policy. After determining who is responsible for implementing this policy (see point #1 above), establish a coordinating group to handle policy processes. Circulate the draft to key agency personnel and task them with key initiatives designed to protect agency data from exposure. Be specific about who is accountable for what action. Then, conduct periodic audits to ensure your data privacy policy is being followed to the letter. Find a sample template here.
3. Get everyone on the same page. A data privacy policy is a great start in developing an agency-wide data privacy initiative, but there’s more to it than that. Specifically, make sure the entire staff is on the same page and prepared to “follow the script” in the event of a data breach. If even a handful of agency staffers aren’t aware of your data protection blueprint, the chances of a communications breakdown—and a breach—grow higher.
4. Document everything. Your agency should also document how you’ve defended critical data in the past, especially any past responses to data security incidents. In addition, seek legal approval of any documentation that goes into your data breach policy.
5. Have good public outreach. State and federal agencies also need a suitable mechanism for “getting the word out” in the event of an actual data breach. You’ll want clear and concise messaging when a breach happens. If the right information isn’t released in a timely fashion, both the media and law enforcement will take a dim view of the way your agency treated a data breach.
To develop and manage the best data breach policy, you must be direct, logical, and proactive. Follow the tips above to do just that, and improve your agency’s data protection efforts.
Brian O’Connell is a freelance writer with 15 years experience covering technological and financial trends in both the public and private sector. A former Wall Street bond trader, he has written for dozens of top-tier national business publications, including Time, MSN Money, Forbes, The Wall Street Journal, CNBC, The Street.com, Yahoo Finance and CBS Marketwatch.
With news that the U.S. Postal Service was recently hit with a major data breach, other government bureaus and agencies are revisiting their data security plans, and with good reason.