Data Breach, follow-up actions, current laws and how an employee can handle customer questions
As a result of the data breach, the company held a meeting on the issue, at which the data breach, security practices, and other social engineering topics were discussed. A data breach is an incident, intentional or unintentional, in which sensitive, confidential and private data is accessed and then made available to the public. The organization data affected by this incident includes employees’ personal information, some company business plans, customer information and future engineering products. These categories of data are used daily by the majority of employees. The breach was caused by malware that was received via email and propagated to the database server. The malware’s core function was to steal the data and send it back to the attacker.
As soon as the threat was detected, the malicious software was quarantined and inspected by specialists. The compromised data was subjected to a full investigation. The organization uses different types of security practices to protect its data in case of an intrusion. The employees’ personal information and the customer information were encrypted, which makes them very difficult for hackers to decode: decrypting encrypted data requires the key. The other affected information is protected by hashing, a method of scrambling data in a way that can’t be decoded back to plain text. After this incident, the organization forced all employees and customers to change their login passwords and also implemented a two-factor authentication system. This system requires a six-digit code in addition to the regular password to access the company’s account.
According to the Michigan law on data breaches, if the personal information is encrypted, the organization is not required to notify the affected entities. Even though the employees’ personal information and the customer information were encrypted, the organization still sent notification letters to everyone affected by the data breach. The notification letter states that the company was affected by a severe data breach and explains the encryption practice the company uses to protect personal information.
To be prepared to answer customers’ questions regarding the data breach, the organization came up with a plan to train its customer relations employees. The training will include a detailed description of the impact, to answer questions like: What data was really compromised? How long until the data breach was discovered? How did that happen? Was the data encrypted? How will it affect each entity? Etc.
Read more about data breaches:
Data Breach Statistics Q1 2018: Disclosure Times Remain High as Total Numbers Fall