I’ve been following the data breach that occurred at HSBC Private Bank in Switzerland. Seems that an employee stole data on 24,000 accounts over three years ago, but the details of the breach weren’t clear to the company until earlier this month when the Swiss government returned data files to the bank.
That type of lengthy delay is unacceptable. Forget for a moment the impact that a data breach can have on an organization’s bottom line. Instead, think about the individuals who have been violated by either negligence or cybercrime. They deserve to know, and in a timely fashion.
An organization must have clear visibility into all data interactions, including files, events, people, policies and processes. Best-in-class managed file transfer solutions include tamper-evident cryptographic audit logs, as well as easy archival and retrieval of all transferred files and personal messages that were sent back and forth. No security can ever be perfect, but the correct audit capabilities mean that losses can be clearly understood without delay.
One last piece of advice to companies that fall victim to a breach: Don’t keep it to yourself. Standard procedure for data breach recovery should be to quickly identify the severity of the breach… And affected individuals have a right to know that sensitive information about them has accidentally been compromised.