Cupertino, CA, July 24, 2019 – On Monday, the Federal Trade Commission settled with Equifax for up to $700 million as a result of a data breach that occurred back in 2017 when Equifax failed to properly secure their network. The records of nearly 150 million people were compromised at the time.
As a company that provides solutions for structuring data, processes and communication enterprise-wide, OTRS Group shares the following expert advice to help companies avoid similar fines, as well as a possible loss of consumer confidence.
Develop a strategy.
"Generally speaking, the faster a company is able to respond to a data breach, the less impact the breach will have," said OTRS COO Christopher Kuhn. "That's why it is imperative for businesses of all sizes to spend time preparing for security incidents in advance." This preparation should include:
- Clearly identified responsibilities in the event of an incident,
- Notification and documentation processes,
- A plan for falling back on manual operations, particularly for businesses that are dependent on technology to continue running.
Take the necessary technical precautions.
Even seemingly small technical precautions can help to prevent attacks. Install firewalls, antivirus systems, encryption tools, security updates and intrusion detection systems. If you don't have the expertise in-house, get a consultant to help you identify and address vulnerabilities.
And don't forget that your people can be a vulnerability: cybersecurity education for employees is a huge step toward combating data breaches. Very often incidents happen because people fail to lock devices or change their passwords, or ignore scams.
Consider fully-managed solutions.
Businesses should take advantage of fully-managed solutions whenever possible. Doing so means that the service provider takes responsibility for the environment.
Kuhn said, "This is an excellent option for businesses of any size. It allows internal teams to focus on adding additional value instead of worrying about fending off cyberattacks. For instance, customers who opt for the OTRS fully-managed solution benefit from ISO 27001 certification, encrypted servers and communication, strict controls over physical access to data, and an environment that is compliant with GDPR regulations."
Of course, businesses themselves should always do their due diligence when working with service providers because they are ultimately responsible for the safety of their data; but by working with reputable service providers, businesses can reduce much of the overhead that is required to keep customer data safe.
Retain only the data you need.
Data that doesn't exist can't be breached. As your business develops online tools, portals and apps, be diligent in evaluating what data is truly required in order to complete tasks. If you don't need to capture a certain piece of information, don't do so.
Automate incident response processes.
Once an incident is identified, put plans into motion as quickly as possible. A response management system, such as STORM powered by OTRS, simplifies this. The communication system has built-in security-specific processes and can be customized for your unique business. This means that, when an attack occurs, the incident is captured immediately. Processes and notifications are kicked off automatically. Resolution details are tracked for audit purposes. Everything happens instantly so that your team can mitigate the danger as quickly as possible.
Of course, Equifax is not alone in fighting this battle. In fact, large fines were levied against both British Airways and Marriott earlier this month, so the likelihood of fines continues to increase for companies that don't take action.
"There is no way to 100 percent protect against cyberattacks, but multi-level security practices with clearly defined processes, technical preparation, training and rapid reaction reduce the risk," said Jens Bothe, Director Global Consulting at OTRS AG.
To learn more about how OTRS structures data, communication and processes in any capacity, visit otrs.com.
About OTRS Group
OTRS Group is the manufacturer and the world's largest provider of the service management suite OTRS, awarded with the SERVIEW CERTIFIED TOOL seal of approval.
It offers flexible solutions for process and communication management to companies of all sizes, saving them time and money. Among its customers are Lufthansa, Airbus, IBM, Porsche, Siemens, BSI (Federal Office for Security in Information Technology), Max Planck Institute, Toyota, Hapag Lloyd and Banco do Brasil (Bank of Brazil). More than 170,000 companies worldwide use OTRS, including over 40 percent of the DAX 30 companies. OTRS is available in 40 languages. The company consists of OTRS AG and its six subsidiaries OTRS Inc. (USA), OTRS S.A. de C.V. (Mexico), OTRS Asia Pte. Ltd. (Singapore), OTRS Asia Ltd. (Hong Kong), OTRS do Brasil Soluções Ltda. (Brazil) and OTRS Magyarország Kft. (Hungary). OTRS AG is listed on the basic board of the Frankfurt Stock Exchange. For more information, see www.otrs.com.