Slashdot Mirror

← Back to Stories (view on slashdot.org)

How to Prepare for an IT Security Disaster (Video)

Posted by Roblimo on from the 2-ounces-of-prevention-are-worth-32-ounces-of-cure dept.

What should you do if your company's servers are hacked and your customers' credit card info or other data are stolen? Neill Feather, president of SiteLock, says you should have a plan of action tested and ready to go, the same way it's wise to hold fire drills so that everyone knows what to do in case of fire. Neill also recommends checking out the Online Trust Alliance and the many resources it makes available to businesses of all sizes whether or not they are OTA members. One document that would be a good place to start is their Data Protection & Breach Readiness Guide, which covers topics including liability and insurance considerations; basic forensics (to help catch the evildoers -- and prevent them from doing evil to you again); and even what information you should include in a letter to customers after a Target or Home Depot-type data theft. We can sum all of this up with the old saying, 'An ounce of prevention is worth a pound of cure,' but you should also know what to do if a problem happens, whether that problem is data theft, a ransomware attack or anything in between.

2 of 23 comments (clear)

  1. If it stops them from .... by 140Mandak262Jamuna · · Score: 4, Insightful

    If these drills make the pointy haired bosses stop thinking IT security purely as a cost to be minimized it would do some good. If an IT dept works well and prevent disasters they never get credited for it. It they slip up and make a huge mistake, they get fired. If the best reward you can hope for is "not getting fired", it will attract a level of talent that considers "not getting fired" an achievement and goal. Unless the management mentality changes IT disasters will keep happening. At least if we fired the top management too along with IT disasters and sue the corporate board for mismanagement, then they might pay attention.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  2. Step one. Don have anything. by houghi · · Score: 4, Insightful

    Don't have any data that you don't actually need. Like Credit Card data. Most companies don't need that info. The companies I worked for let the credit card payment being handled by others.

    So what we had was basically their adress and what they orderd. That didn't mean we were not trying to protect anything, because we did not wanted to be hacked, but we made ourselves much less of a target.

    And if you do need the credit card numbers, you should not be reading this article, you should be writing it.

    --
    Don't fight for your country, if your country does not fight for you.