Wednesday, March 21, 2007

Best Practices For Security Breaches

How important is it for businesses to safeguard data? This article from ComputerWorld cites a study which pegs the cost at $182 for each record lost or exposed. Of course, costs can easily rise beyond that level, as happened in the case of ChoicePoint, which lost $720,000,000 in market capitalization as a result of a breach which compromised 145,000 customer accounts.

Happily, such costs are not a foregone conclusion, and there are some steps which businesses can take to help limit the risk of a breach. The ComputerWorld article advises measures such as establishing a culture of control, categorizing data in terms of risk, and educating employees about security precautions in order to minimize the chance of losses. While the article's recommendations make sense, since it is simply unrealistic to expect that any security policy will be foolproof I would add damage mitigation measures to the list as well. For example, laws such as California's security breach notification law do not treat all breaches equally, and an organization which designs its data storage policies with those laws in mind will be in better shape than one which simply hopes that a breach will never happen.

No comments: