As an IT pro, you know that data breach is a real risk. Your clients, however, probably haven’t thought about it as much. If your job is to keep them productive and their data safe, you must know how to broach the topic of data breach. Here’s an approach that will help them understand the risks they face and encourage them to invest in prevention.
Give Them the Facts
Some of your clients probably think IT disaster won’t happen to them—until it does. Having that “uh-oh” moment might motivate them to invest in solutions after the fact, but how do you get them to start thinking about data breach before it happens? It’s best to give it to them straight, using some hard facts:
- Between Jan, 2017 and March, 2018, 1.9 billion records containing sensitive data have been compromised. 75 percent of them by external hackers (org).
- In 2017, there were 1,579 publicly disclosed data breaches (Identify Theft Center).
- In 2018, it cost companies an average of a $148 for a single stolen record (Privacy Rights.org).
- In 2018, it took companies an average of 197 days to identify a data breach and 69 days to contain it (IBM).
These facts show that data breach is a growing problem, but your goal in sharing these figures shouldn’t be to scare clients. Instead, help them understand that data breach is a serious threat they should act on before it’s too late.
Give Them Tailored Options
The next part of your conversation should put clients at ease. Yes, there’s a growing threat of data breach. But as an expert, you’re uniquely positioned to help. To do that, you should be familiar with the unique threats various clients face. For instance, dental and medical offices or accounting and investment firms store some of the most highly-sought-after data, so you may want beefier security. Plus, regulations like the Health Insurance Portability and Accountability Act (HIPAA), and Sarbanes Oxley (SOX) hold certain businesses accountable for protecting data. This typically means they must keep data secure, have backups, and create data breach response plans. Should businesses fail to follow regulations, they face hefty fines on top of costs associated with remediating a data breach.
Discuss Response Plans
No system is 100 percent foolproof. In the event that your clients do suffer a data breach, you need a plan of action. Your plan should involve steps like bringing in forensic data experts and legal counsel, taking steps to stop further data loss, informing affected customers, and so on. The Federal Trade Commission’s guide to breach response has a detailed look at everything a business should add to a response strategy. As with any plan, be sure each client’s data breach response plan is carefully documented, easily accessible, and tested. The only way to know if a plan will work is to run drills and see if your plans work. Various vendors also provide software that can simulate an attack, so you can find out if your defenses hold up.
Data breach is expensive. When it can cost a business $148 for a single stolen record, it’s easy to see how a breach can put a business in the ground. Be sure your clients understand the threat, then implement options that meet their needs and budgets. With any luck, you’ll never need to use your data breach response plans at all.