In today’s heightened regulatory environment, the last thing any business wants to find out is that it has been breached. If you think you’re too small a target to interest any hacker, you’re wrong. Over 90% of current network intrusions occur at small or medium businesses. They may not all make the newspaper like a breach at a multinational retailer, but this is the state of data security.
The current belief within the information security community is that “it’s not a matter of if…it’s a matter of when” you will experience an intrusion. The fact is that most breached entities first find out from a third party, such as law enforcement or customers.
An important item to have on file to help manage such situations is a breach response plan, not only because it’s a PCI requirement, but because you don’t want to make difficult decisions under pressure when those decisions may have legal, financial, and even business survival implications.
There are several resources that may assist you in preparing an incident response plan. Below are some examples that you may find useful.
Electronic Transactions Association (ETA) Fraud & Security Committee
Data Breach Response: A Nine-Step Guide for Smaller Merchants
Visa
An incident response plan is not something that most of us are chomping at the bit to write, but any time committed to it is worthwhile as it could significantly impact the time and expense of a data security event.
Of course, if you are breached or suspect you might have been breached, contact us immediately and we will assist you by putting you in touch with the folks who can help in your situation.