Step 5: Action to prevent future breaches
Having addressed the immediate threat, prevention is the final step. While customers may understand an isolated failure, they are typically less forgiving of repeated mistakes. Carry out a thorough post-breach audit to determine whether your security practices can be improved.
This could include:
- Engaging a data security consultant, which will give you a fresh perspective on your existing practices, and help to reassure customers and others that you do business with.
- Promptly remedying any identified security flaws -- changes should be reflected in data security policies and training documents (and if such documents don't exist, create them.)
- Rolling out training to relevant personnel to ensure that everyone is up to speed on the latest practices.
- Reviewing arrangements with service providers to ensure that they are subject to appropriate data security obligations (and, if not already the case, make data security compliance a key criterion applied in the procurement process).