Limit Your Risk

While knowing about the activities that can put your organization at risk of a breach is important, you also need to learn how to limit that risk. You should track and monitor your data, especially online donations, for suspicious activity.

Unexpected increases in online donations or activity are a red flag, so look at your merchant account to investigate a potential threat. If you believe your merchant account has been breached, you can stop any further threat by suspending that account while you resolve the issue.

Incident Response Plan

An incident response plan documents how to deal with a potential threat. If a donor reports that they believe their information has been compromised:

  • What questions will you ask to get the information you need to track the potential threat?
  • What are the reporting requirements for the state where the donor lives and where your organization is located?
  • Who in your organization is responsible for investigating a possible breach and reporting it to the proper authorities?

These are a few of the questions you should be answering with your incident response plan. If your organization is found to be responsible for a breach and you don’t have a plan, you can incur additional fees and penalties.

Data Encryption

Encrypted data has no value to thieves, so using encryption to protect the information stored on computer systems and servers is one of the most effective ways to ensure the security of your data. In addition to protecting your data, consider encrypting your email communications too.

When you incorporate data encryption, access to your data is restricted to those who have the key, which helps mitigate the risk of a security breach. While data encryption can be a big investment for an organization, ask yourself: what is your data worth, and are you doing everything you can to protect it from being stolen?

Employee Training

With 8.7% of all security breaches in 2016 happening because of employee error or negligence, training employees on best practices for protecting private information can reduce the chances of a breach.

Your training plan should be included in your incident response plan and document things such as:

  • Protecting company devices including computers, laptops, and mobile phones.
  • Procedures for reporting a potential breach.
  • Roles and responsibilities for safeguarding sensitive information.

Data Loss Prevention Technologies

Preventing data loss is another critical component of limiting your risk of a security breach. While there is no single solution that effectively prevents data loss, there are best practices you can use that fit the needs of your organization. The National Institute of Standards and Technology identifies these best practices:

  • Prioritize loss modes (data at rest, data at the endpoint, and data in motion) to identify those at risk and then focus on those with the highest impact if a breach happens.
  • Protect your data without disrupting normal business activities.
  • Create a flexible and modular architecture that addresses your most important requirements.