This past week has seen several announcements of major data breaches. In one case, a large mortgage and mortgage servicing company, Mr. Cooper (formerly called), announced a catastrophic third-party breach, via a recent SEC filing, that exposed the personal data of every current and former customer including names, birth dates, and social security numbers – nearly 15 million customers!
Here are some ways that a combination of having a vital records program and employee records management training can help companies avoid or at least mitigate this kind of event!
Vital Records Program: A vital records program is a systematic approach to identifying, classifying, and safeguarding critical information, particularly sensitive customer data. It involves establishing and maintaining protocols for encryption, regular updating, and strict access controls of essential records to mitigate the risk of data exposure and enhance overall data security. All organizations should establish and regularly update a defensible and robust vital records program, classifying and encrypting sensitive customer data, while implementing strict access controls to minimize the risk of data exposure.
Employee Records Management Training: Provide ongoing training to instill data security practices in employees, emphasizing responsibility in handling, classifying, flagging, and destroying sensitive information defensibly. Employees who handle sensitive personal data should receive additional, detailed instructions on how to defensibly dispose of that data (or at least whom they should call) once the retention period expires. And, emails should be managed based on organization-wide information governance and records management best practices.
Incident Response Preparedness: Develop a concise incident response plan with clear communication channels, roles, and procedures for incident identification, containment, and data recovery. Regularly test the plan through simulations, collaborate with cybersecurity experts, and conduct post-incident analysis to refine and improve the organization's readiness for swift and effective responses to data breaches.
By combining a comprehensive vital records program with ongoing employee records management training and a well-prepared incident response strategy, companies can significantly reduce the likelihood and impact of data breaches. These measures not only protect sensitive customer information but also enhance overall cybersecurity resilience within the organization.