Data Breach Response Planning Best Practices
By: Ann Davidson, VP of Risk Consulting at Allied Solutions
There is a high likelihood that another large data breach will occur in 2016, so it is essential that your financial institution is armed with a written data breach action plan that includes steps to prepare for, respond to, and recover from an attack. Provided below are best practices your credit union can follow to help mitigate the financial and reputational impact of a potential data breach on your financial institution and members:
Plan
- Establish a formal data breach response plan
- Name your team
- Review plan annually
- Submit to Board of Directors (GLBA)
- Conduct annual trainings with employees on data breach awareness and response
- Run tabletop exercises and/or mock data breach drills annually
- Create a security fund for unpredictable external and internal breach costs
Respond
- Develop an internal breach action plan
- Designate resources to draft notification letters, employee scripts, FAQs, press releases, etc.
- Adopt fraud investigation and credit monitoring services
- Give away entitlement to services up front to create more value and offset cost at breach
Recover
- Consider outsourcing with a qualified organization for the following professional services:
  - Fraud counseling service to take calls, provide guidance, place fraud alerts, etc.
  - Call center service to provide multilingual enrollment assistance
  - Identity advocate service to provide identity theft investigation and recovery
Read the Data Breach Preparedness Checklist produced by NXG Strategies or watch the recording of our webinar to learn more about how to build a strong data breach response plan.
Allied Solutions is the NAFCU Preferred Partner for Insurance - Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown Protection (MBP); and rateGenius. Learn more at www.nafcu.org/allied.