Does your organization have a data breach response plan in place?  And if you do, how effective do you believe this response plan would be if a data breach incident occurred?  It’s an unfortunate fact, but a fact nonetheless, the data of more and more businesses is being targeted because it’s so incredibly valuable.

According to a recent study by thePonemon Institute, businesses affected by data breaches increased by 10% from 2013 to 2014. So it should be no surprise that businesses are responding by establishing a data breach response plan, as these numbers increased by 12% from 2013 to 2014.

However, the startling statistics from this study are that only 30% of those businesses who had a data breach response plan in place, said that their organizations were effective in developing and executing a data breach response plan.

And 78% of the study’s respondents said they do not regularly update their data breach response plan to account for changing threats or changes within their organization.

Businesses cannot simply check a box to say they established an incident response plan – they need to test their plan, practice it regularly and improve their plan on a regular basis.

Creating, implementing and improving your plan

Because a typical data breach involves a long list of moving parts that often need addressed simultaneously, it’s important to establish a response plan that takes into account a variety of scenarios and responsibilities that could come into play.

There’s no one-size-fits-all data breach response plan. That being said, we have outlined 10 suggested steps that will help you create, implement and improve upon a data breach response plan for your business.

1. Research any legal issues

Research any federal or state laws that may apply to your business and keep this information up-to-date.

The current regulatory framework in the United States does not provide a national uniform data breach notification standard. The few federal regulations that do exist only cover specific industries, such as health and financial related data breaches.

The Federal Trade Commission (FTC) has also used its authority under Section 5 of the FTC Act to take enforcement actions related to data security. This regulatory structure makes compliance complex, so individual states have attempted to create more targeted laws regarding data breaches.

California led the way in 2003 by mandating that any company that suffers a data breach must notify its customers of the details of the breach. Today, 47 states and the District of Columbia have data breach notification laws in place.

Only Alabama, New Mexico and South Dakota have yet to enact such laws.

Verification laws vary from state to state, making it important for companies to understand the applicable laws in their state.

Congress continues to debate a move toward a national data breach standard to replace the patchwork of state and sectoral laws, but progress has been slowed for various reasons… imagine that!

With data breaches being a relative new comer to the business world, the regulatory framework is fluid and complex. It‘s important for companies to always be knowledgeable on current regulations and to have a strategy in place before a breach occurs.

2. Research any prominent or emerging technologies

Consider any technologies that could impact the scope of a breach or impact how you could protect yourself from damage.

The evolution of technology is shaping the world of data breaches, which is why it’s important for companies to be aware of these emerging technologies.

For example, according to a study conducted by Experian Information Solutions, the global cloud is a growing threat and is adding a new level of complexity to the data breach response process.

How so?

Due to a rise in cloud computing, there are significant quantities of data that are traveling across national borders, and large data centers are hosting data from citizens all over the world.

While the cloud allows for global data flows, the data breach response laws are local. It will be a challenge for companies to provide protection to customers, keep up with each country’s regulations, and maintain compliance with all of them.

3. Assemble an internal response team

Identify your internal response team in advance by establishing roles and responsibilities.

Ambiguity and uncertainty can be devastating to a breach response. By establishing a response team and outlining roles and responsibilities ahead of time, you will keep everyone on the same page during a breach incident.

When assembling your team, choose representatives who are strong and capable and will ensure an efficiently executed response.

Start by selecting your incident lead. This individual will be responsible for managing your company’s overall response efforts, and the rest of the team.

Your incident lead should be able to act as an intermediary between executives and team members, outline a budget and resources needed to respond to the breach, report progress and problems, and much more.

Other possible team members may include:  an executive leader who is a key decision maker in the organization; someone from your IT or security team; a legal or compliance expert; a public relations or communications expert; someone from Human Resources; and someone from customer service.

Carefully consider your team members since a well-constructed data breach response, plan no matter how comprehensive and detailed, is only as good as the team that’s responsible for putting it into action.

4. Assemble an external response team

Depending on the size of the data breach and the size of your organization, you may need to rely on an external response team. Determine your strategic partners, establish a relationship with them, and make a list of those partners ahead of time.

From there, document the relationships in the response plan along with an explanation of the process for determining whether the individual strategic partner needs to be involved in a breach response.

Some examples of external partners include:  PR firms; insurance advisors; computer forensics experts; law enforcement; credit monitoring companies; or call centers.

You could also secure a proven breach resolution partner, who specializes in developing a response plan and resolving a data breach.  We can help you with selecting a reputable firm.

5. Outline a strategy for identifying and containing the breach

Acting quickly and strategically following a data breach is extremely important – identify who will be responsible and the steps they should follow.

Identifying a breach, determining its size and scope, and ultimately containing the breach are all critical to an effective response.

By identifying who is going to be responsible for these functions (whether internal and/or external response team members) ahead of time, it will allow everyone to respond quickly without panicking.

Some of these steps should include recording the date and time that the breach was discovered and when the response efforts began, alerting everyone on the internal and external response teams, preserving any evidence, stopping additional data loss, reviewing protocols and much more.

6. Outline a notification strategy

Ensure that notification to any injured parties is provided in a prompt fashion by outlining your strategy ahead of time.

Depending on the information accessed, a breach can involve federal and/or state laws. Develop a strategy that determines how the notice is to be provided, who is responsible for making sure the applicable notification requirements are met, and the process to be followed.

Consider streamlining this process by preparing template notices, which would be in accordance with potentially applicable notification laws. In the event that a notification is required, those template notices could be customized accordingly.

7. Develop an internal communication strategy

Outline a process for internal reporting to ensure that everyone from the response team is up-to-date, and on track during a breach.

Communication with all key stakeholders during a data breach is essential. The response plan should explain when and how the key stakeholders will be informed about the breach response, as well as any role they might play in the process.

The response plan should also identify who is responsible for disseminating information about a breach incident to other company representatives.

8. Develop an external communication strategy

Outline the strategy for communicating with the media and responding to external inquiries.

Depending on the size and scope of the data breach, you may need to report the breach to the media, and respond to external inquiries regarding the breach.

Identify who will be responsible for overseeing that process and for developing the external message about the breach.

This team member should be identifying the best notification and crisis management tactics before a breach occurs, and they should handle any media coverage, information leaks or negative press during the breach.

9. Conduct preparedness training

Practice and test your preparedness plan and perform regular reviews.

The data breach response team should make data breach security and breach preparedness a company-wide focus by providing department specific training.

Each team member has a responsibility to apply prevention and preparedness practices to their departments.

The response teams should also work with employees to integrate smart data security into their everyday work, they should develop policies for data security, online activity and mobile phones and communicate them to all associates, and they should conduct employee security training at least once a year.

In addition to preparedness training, it’s the responsibility of the response teams to use the training exercises as an opportunity to improve the data breach response plan.

10. Prepare for the worst

Prepare for the worst so you are able to respond with your best.

Make sure everyone on your data breach response team understands their roles and responsibilities – both in preparing for and responding to a breach. The more your organization can do to prepare, the better off it will be in the months and years to come.

Curious about what you can do to prevent Cyber Crime?

ohio-cyber-crime-prevention

We can help you recover from a data breach

While this 10-step plan may seem exhaustive, and like a lot of work on your part… it is.  And for good reason.

Businesses are operating in an environment where it’s not a matter of IF a data breach will occur, it’s only a matter of when.

We need to take reasonable measures to reduce the likelihood of a breach, but we also need to be realistic and understand that inevitably, we’ll all deal with a data breach at some point.

The two most important questions you need to answer as a business owner are:

  1. Will I know how to respond when a breach occurs?
  2. And will my business survive the devastating consequences of a data breach?

The planning you do today, the strategic partnerships you put in place, and the adequacy of your Cyber & Data Breach Insurance coverage are all critical components to confidently answering the question of ‘will my business survive after a data breach’ with a resounding ‘ABSOLUTELY.’

We understand the negative effects a data breach can have on your organization, we’ve seen first-hand how it impacts clients.  We also know which insurance companies provide the broadest insurance coverage to help you recover after a breach occurs.

But we don’t stop there.

The best place to begin is with your own internal operations, the security measures you have in place, and the controls implemented to avert a data breach. To learn more about how we can help, download our Cyber & Data Breach Liability eBook, or if you need to get insurance coverage in place now, simply Request a Proposal and we’ll get to work right away.

Tom Simon

Tom Simon

Chairman of the Board

Tom has worked in the insurance industry since 1977 holding numerous positions from Account Executive and Agency Manager, President to his current role. He combines his unique ability of thinking differently with his wealth of insurance and business experience to propel CoverLink to new levels of success.

In his spare time, he enjoys spending time with his family, especially his grandkids. In addition, he’s also an avid woodsman… yes, you read that correctly. He can often be found yelling “timber” or just splitting firewood for family and friends.

 

email

Matt Simon

President

Prior to joining the team at CoverLink in 2006, Matt worked as an Underwriter with a multi-state insurance company located in Columbus, Ohio. Matt is a Certified Insurance Counselor (CIC) and Chartered Property and Casualty Underwriter (CPCU), having successfully completed the rigorous coursework and exams to earn these designations.

He also serves on the Board of Directors for the Ohio Insurance Agents Association and the Associated Risk Managers of Ohio, in addition to volunteering his time to multiple other community and industry organizations.

In 2013, Matt was awarded and recognized as the National Young Insurance Agent of the Year, and in 2019 he was recognized as the Insurance Advisor of the year by Finance Monthly.

 

team-email    team-linkedin    team-facebook

Gina Loehr

Gina Loehr

Senior Account Manager

Gina oversees the Commercial Lines division at CoverLink, which is responsible for managing the business insurance needs for clients.

She has worked in the insurance industry since 1980, beginning as a Commercial Underwriter with a regional company located in Springfield, Ohio.

In 1984, she earned her Certificate in General Insurance, and in 1995, her Accredited Advisor of Insurance designation.

In her spare time, she enjoys spending time with her family, including four grandkids, and biking.

 

email    team-facebook

Kyle Carper

Account Manager

Kyle joined the CoverLink team in 2018 as in intern when he was a junior in high school. Shortly after, he began studying to obtain his insurance license, which he passed in 2020 and joined our Personal Lines division.

Kyle helps individuals and families with their home, auto, umbrella and other personal insurance needs, which he thoroughly enjoys.

In his spare time, he enjoys spending time with the ones he loves, watching sports and playing video games.

 

email    team-linkedin    team-facebook

Tim O’Rielley

Senior Insurance Advisor

Tim works with individuals, families and businesses to design insurance policies perfectly suited to their specific needs.

He has been working in the insurance industry, and with CoverLink, since 1993. As a lifelong resident of Logan County, he’s been involved with a number of community organizations, often taking the leadership role such as President of the Chamber of Commerce, and the United Way.

He’s often found spending as much time as possible with his two daughters, and his grandkids

 

email    team-linkedin    team-facebook

Mark Osborne

Account Executive

Mark has worked at CoverLink since 2004. He specializes in life and health insurance, where he utilizes his extensive knowledge to help clients make sense of a confusing and ever changing market.

He also holds the Property & Casualty Insurance License, and often helps families as well as small businesses to set up their insurance protection plan.

Mark graciously volunteers his time to several community organizations, and enjoys spending his free time with his family

 

email    team-linkedin

Leah Loehr

Account Manager

Leah joined the Commercial Lines division at CoverLink in 2012 where she works closely with business owners on their Commercial Insurance needs to help them achieve their desired level of protection.

Leah is known for her outgoing personality, positive attitude, and relentless pursuit of the goals she sets out to achieve. Clients often rave about her and the service she provides.

In her spare time, Leah enjoys spending time with her family and friends… and she can often be found at the closest Buffalo Wild Wings!

 

email    team-facebook

Larry Middaugh

Larry Middaugh, PLCS

Senior Insurance Advisor

Larry joined CoverLink with an extensive background in sales, bringing over 30 years of experience and commitment to taking care of his clients in the banking and mortgage industry.

Larry’s dedication to his clients aligned so well with the CoverLink tradition of relentlessly caring for, and protecting its clients, that he joined the team of Licensed Insurance Advisors in 2015.

Those in need of Personal or Business Insurance are delighted after working with Larry.

Larry defines success as knowing his purpose in life, continuing to grow to reach his fullest potential and sowing seeds that benefit others. He’s a father of three incredible children and husband to an amazing, kind and loving wife.

 

email    team-linkedin    team-facebook

Tony Fink

Tony Fink, CIC, CLCS

Insurance Advisor

Tony is responsible for serving the needs of individuals and businesses looking for property & casualty insurance. In addition, he’s licensed and capable of advising clients that desire life insurance protection.

He’s a Certified Insurance Counselor (CIC) and a Commercial Lines Coverage Specialist (CLCS), having successfully completed the rigorous coursework and exams to earn these designations.

Tony entered the insurance industry in 2008 bringing a diverse background of experience and knowledge to his Account Executive position with CoverLink.

In his free time, Tony enjoys spending time with his family, being outdoors, following sports and listening to music.

 

email    team-linkedin

Meg Barton

Meg Barton

Senior Account Manager

Meg works in the Commercial Lines division at CoverLink as an Account Manager, where she helps businesses with their varying & complex insurance needs, from Business Auto to Commercial Liability, Directors & Officers to Commercial Property.

Meg earned her Bachelor’s degree in Business Management from Urbana University in Ohio. She has been active in the insurance industry since 2006, and is an Ohio Notary.

In her spare time, Meg enjoys spending time with her family at Indian Lake, listening to live music and reading.

 

email    team-linkedin    team-facebook

Jordan Springs

Jordan Springs

Account Manager

Jordan joined the CoverLink team in 2017, bringing top-notch client service skills acquired through several years in the banking industry.

She’s constantly assisting and advising clients on their personal insurance needs – home, auto, jewelry, umbrella and other policies – not to mention, she’s just plain fun to be around!

In her spare time, Jordan enjoys spending time with family and friends, especially her husband and two kids.

 

email    team-facebook

Jill Rawlins

Jill Rawlins

Account Manager

Jill works in the Personal Lines Department where she helps individuals and families with their Home, Auto, Umbrella and other personal insurance needs.

She graduated with her Bachelor’s Degree in 2009 from Otterbein University, and shortly after began her career in the insurance industry.

In addition to holding the Ohio Property & Casualty Insurance License, she also has her Accident & Health, Life and Variable licenses.

Jill enjoys spending as much time as she can with her family, and especially enjoys being with her little girl who makes her laugh often.

 

email    team-facebook

Chris Badenhop

Chris Badenhop

Insurance Advisor

Chris joined the CoverLink team in 2017 with a diverse and exciting professional and educational background. He works with individuals, families and businesses to find the ideal solution for their insurance needs.

He brings a positive attitude and a desire to help his clients in his position as an Insurance Advisor, but most importantly, he shares one of the most fundamental beliefs we hold dear within our organization: he cares. He cares about his clients, he cares about protecting all that’s important to them, and above all, he cares about doing what’s in the best interest of his clients. His enthusiasm and empathy set him apart, and he’s backed by the top-notch service provided at CoverLink, making him a tremendous asset to his clients. In short, Chris puts people before policies.

In his free time Chris enjoys spending time in the outdoors hunting and fishing. He’s also a passionate sports fan devoting support to all levels of play.

 

email    team-linkedin    team-facebook

Joe Cooney

Joe Cooney

Senior Insurance Advisor

Shortly after graduating from John Carrol University in 2008, Joe began his insurance career. His original focus and expertise was on personal lines and small commercial accounts, but he has since expanded his focus to include Cyber Insurance and Life Insurance, among other products.

Joe resides in Fairview Park, Ohio with his wife Megan and young son Jack. In his spare time, he coaches youth basketball and volunteers for the special Olympics.

 

email    team-linkedin    team-facebook

Kelli Young

Kelli Young

Director of Marketing

Kelli brings extensive marketing expertise to CoverLink after spending nine years in the automotive industry, where she gained valuable insight in the areas of design, digital presence, and content creation.

After joining CoverLink in 2015, her focus has been on telling the story of our long standing belief, that people are more important than policies, in a fresh way with a digital twist, allowing consumers who believe what we believe to find us easier.

Kelli graduated from Ohio University in 2006 with a Bachelor’s Degree in Communications, and earned her Master’s Degree in Business from Ashland University in 2010.

She enjoys spending time with her family, especially being outside with her son and two daughters.

 

email    team-linkedin    team-facebook

Jami Radern

Jami Rader

Director of First Impressions

As the Director of First Impressions, Jami brings top-notch client service skills. She’s constantly assisting clients with billing inquiries, working to resolve any frustrating issues they’re having, and she’s just plain fun to be around!

In her spare time, Jami enjoys spending time with family, especially her husband and four children and going on four-wheeling trips together.

Erika Asher

Account Manager

Erika works in the Commercial Lines division at CoverLink as an Account Manager, where she helps businesses with their varying & complex insurance needs, from Business Auto to Commercial Liability, Directors & Officers to Commercial Property.

In her spare time, Erika enjoys hiking, reading, and spending time with her son.

 

email

Erin Whitaker

Account Manager

Erin joined the Personal Lines division at CoverLink in 2019, as an Account Manager, where she helps individuals and families with their Home, Auto, Umbrella and other personal insurance.

She previously worked in the healthcare industry before getting her insurance license in November of 2018.

When Erin isn’t at work, you can find her cheering on her kids at various sporting events almost every day of the week. In addition, she enjoys planting flowers, finding rusty items to decorate with and spending as much time with her family as possible.

Alissa Grim

Alissa Grim

Account Manager

Alissa works as an Account Manager where she helps individuals and families find the insurance that best fits their needs.

In addition to earning her Ohio Property & Casualty Insurance license in 2008, Alissa received her Life Insurance License in 2010.

In her spare time, Alissa enjoys spending time with her family camping, and watching her son race go karts around the U.S.

Vickie Allen

Vickie Allen

Account Manager

Vickie has worked at CoverLink since 2000 helping clients with a diverse set of needs, from securing the coverage that’s best for their individual situation, to providing guidance when claims or billing questions arise.

Vickie currently holds the Ohio Property & Casualty Insurance License, and is well known to clients because of her infectious personality and radiant smile that greets them when visiting the office.

In her spare time she enjoys spending time with family and friends, and traveling.

Randy Leopard

Randy Leopard

Vice President

Randy began his insurance career in 2000 working with both personal and business clients on their health insurance needs.  In 2008, he expanded his area of focus to include all types of insurance his clients needed from home & auto insurance, business insurance and farm insurance.

Randy resides in Urbana where he enjoys spending time with his family, and watching his horses race from time to time.

Melodi Wilkins

Melodi Wilkins

Senior Account Manager

Melodi has called CoverLink her ‘work home’ since 2009.  In her position as a Senior Account Manager, she works closely with clients needing home, condo, renters, auto, umbrella and other types of personal insurance coverage. Melodi also provides service and assistance to businesses regarding their insurance protection needs.

In her spare time, Melodi enjoys being outside and spending time with her family, especially with her granddaughter.

Morgan Edwards

Morgan Edwards

Account Manager

Morgan joined the CoverLink family in 2019, as an Account Manager. She helps her clients with personal insurance needs such as, home, condo, renters, auto umbrella and more. In addition, she works closely with business owners on their Commercial Insurance needs to help them achieve their desired level of protection.

In her spare time, Morgan enjoys spending time with her family and friends, making memories and enjoying all that life has to offer!

Sam Ankrom

Insurance Advisor

Sam joined the Coverlink team in 2020 with a strong passion and drive to help people. As an insurance Advisor with his Property & Casualty license, he assists individuals and business with all of their insurance needs.

He is dedicated to going above and beyond for his clients and wants to make sure every client is not only properly insured, but can also feel like a part of the Coverlink family. Sam is committed to helping everyone feel confident and comfortable with their insurance decisions and have the peace of mind knowing they are taken care of by not only himself, but by the entire Coverlink team.

Outside of work you can usually find Sam spending time with friends and family, or outside on the golf course.