This is Part II of a two-part series on the rise of data security breaches sweeping across companies of all sizes and crossing most industries.

Part I of this series, "Data breaches on the rise: Are you prepared to stop the leak in 2015?", addresses a few of the causes and consequences of leaks and some practical mitigations against them. Part II focuses on additional essential elements that can be effective in supporting a security-breach prevention plan.

Developing a security-breach prevention plan is not enough on its own to stop a leak. A proactive plan for carrying it out is vital to quickly and successfully identifying the leak, stopping it in its tracks and minimizing the potential damage to the company.

Essential elements for an effective breach prevention plan include:

  • Conduct periodic reviews of your information landscape and systems to identify where your data is located, who has access to it, how it is created and transmitted, and what is being done to protect it
  • Identify the locations where personally identifiable information (PII) resides in your systems
  • Monitor systems designed to protect PII and valuable corporate information to identify vulnerabilities and update controls and protections
  • Develop a culture of privacy and security, including ample company training across departments that includes discipline for violations of policy
  • Consider additional insurance to protect against and cover the costs relating to a data breach

Special areas of attention

As employees depart your company, regardless of the reason, be sure to aggressively enforce clear policies requiring the return of all data, including physical documents. Exit interviews with departing employees provide a fundamental opportunity to remind employees of confidentiality policies.

Review all equipment, data and materials returned by departing employees to ensure they have properly returned the technology and data provided to them by the company. Consider analyzing returned devices and the computer systems used by them for data leaks.

Departing employees often state they did not realize that the contracts they signed while working at a company mean that proprietary sales information or customer data in fact belong to the company and are not up for grabs. Many also seem to forget they uploaded data to their personal smart devices.

Departing employees should certify in writing that all the data they have utilized while in the company's employment has in fact been returned. IT should routinely examine electronic devices of departing employees for recent activity or downloads.

During the onboarding process, new employees should certify they do not possess trade secrets or confidential information owned by a former employer. Put employees on notice that these are real issues and not tolerated by the company.

Developing measures to assure that trade secrets or confidential information owned by another party are not uploaded to your networks is also critical to avert additional risk and potential liabilities.

Employee confrontation

The human factor can be the center of a breach, but if so, it needs to be handled strategically. In advance of an employee confrontation, determine the ways that the breach may have been instigated.

Human causes of data breaches can include potential misuse of corporate computers, unauthorized applications on computers or smart devices, incorrect usage or noncompliance with login/logout bypass systems, as well as the use of flash drives or cloud storage to access, move or work with corporate data. Make sure there is a careful review of the computer, including the hard drive, and a forensic computer analysis.

Plan an employee confrontation interview in advance, ensuring key factors are in place, such as:

  • Who will attend?
  • Where will it take place?
  • Lock the employee out of company computers, emails and databases
  • Has the employer contacted the police?
  • Prepare and rehearse "if, then" scenarios
  • Plan for what happens after the confrontation interview
  • Determine if counsel or security personnel will be present

After the confrontation interview, decisions need to be made based on the findings. Be sure to weigh them honestly and keep emotion out of it. Before beginning legal proceedings or involving law enforcement, make sure there is not an innocent explanation rather than assuming the employee acted with malice.

To avoid ongoing and ever-growing cybersecurity risks, it is vital to form a solid breach-response team that will quickly confirm the leak, assess the scope of the damage and begin the process of addressing the consequences. The team has responsibility for any required notifications, compliance with any applicable laws and addressing business issues arising from a data leak.

The team should also be tasked with involving law enforcement, computer forensic experts, PR consultants and disaster recovery experts, to name a few. Without preparation, planning and forethought, data security leaks are virtually inevitable and the consequences will be catastrophic.

Companies need to be able to quickly and accurately investigate a leak to uncover the cause and fix it. Try to find ways to evaluate your current system's vulnerabilities, take steps to avoid breaches from occurring in the first place, and improve the response process to reduce the damages from an initial leak and avoid secondary breaches in the future.