You just find out that your department or office had a serious breach and personal data was stolen. What do you do? More importantly, what don’t you do?
Harvard Business Review took a look at mistakes commonly made by leaders faced with a data breach. While it does focus on business and corporate issues, much of the information translates to emergency service sector agencies and departments.
Waiting to notify victims. The longer you wait to let those affected know, the longer criminals will be able to use the stolen data, and the more damage control you will be forced to handle, including your organization’s reputation.
Assuming it won’t happen. A current buzz phrase is “cyber security is the new cold war.” Whether it’s a data breach or some other form of cyberattack, assume you will have to manage one sooner rather than later.
Not having a plan in place. Having an incident plan goes a long way to instilling confidence in the organization to be able to handle a breach. Contact municipalities or organizations who’ve been affected to talk best practices.
Lack of transparency. There is a difference between damage control and withholding vital information. Transparency promotes trust.