Essay on Data Breach Response

In assessing the given scenario, the sensitive employees’ stolen data is the attribute of technical issues leading to data breaching that results in various repercussions. The consequences include: the identified aircraft manufacturing company employees would face numerous effects of information breaching, including identity theft. The data can enhance criminal activities when using the team member’s information in fraud and money laundry activities. In addition, the company may face negative impacts concerning its business operations due to decreased market value, and consumers may lose confidence in the business entity. Another possible outcome is that there is always the risk of future harm regarding the exposed kind of information. Concerning the above case, some laws try to impact this data breach which include: Security breach notification laws which tend to initiate attempts to try and prevent damage to the public and various companies. Another example is The Federal Information Management Act (FISMA). (Kesari, A. 2020). This federal regulation tends to reduce data security risks, and companies can significantly benefit by complying with its rules.

Having experienced data breaching, the company should initiate the following ways that accord with the specified laws. First-The company should take necessary steps to contact and inform the individuals and other relevant parties about the breaching incident. Information will enhance the reduction of any further harm as people will take necessary steps to limit the chances of using their data. The company should tell critical steps to the individuals regarding the type of exposed information and give important contact information. For example, the victim should notify the credit bureaus to place credit freezes on every credit report because of missing their social security numbers. Also, businesses, including banks, should monitor the account number in case of any fraud. (Kesari, A. 2020). The company should reach the law enforcement authority and report the incidence and the possible risk that can arise.

To prevent similar incidents in the future, the company should formulate various ways to improve controls of information and technology (IT). Improvement in IT tends to reduce risk on data security. The following is the considerations of the measures: Updating software regularly enhances the application of patches used to fix any weakness in the program. Another point is regular software updates that tend to strengthen the system data from any cyber-attack. Another measure incorporates the use to decipher passwords to employees hard to use password information that is difficult to retrieve by another person. Furthermore, scheduled data reset ensures that all employees are participating actively. In addition, highlighting control access of various data at a designated place. (Bisogni, F., & Asghari, H. 2020). Control access has multiple advantages, such as limiting access to information by unauthorized individuals and limiting accessing certain kinds of data.

Moreover, employees should do training concerning various security measures. Various archives states that employees are the weakest link by cyber attackers. Understanding their roles through awareness will secure the business in the long run. Also, limiting access to the most valuable information helps to narrow the number of people that the data exposes to them. Each department should be responsible for its data. For example, there is no need for a secretary to view a mailroom team member’s information or access it. Another effective measure is to use intrusion, which helps to screen and detect any unusual activity. (Jayakumari, D., Rupa, C., & Nikhila, V. 2021). Detection raises an alert and confirms any given activity.

Reference

Bisogni, F., & Asghari, H. (2020). More than a suspect: An investigation into the connection between data breaches, identity theft, and data breach notification laws. Journal of Information Policy, 10, 45-82.

Jayakumari, D., Rupa, C., & Nikhila, V. (2021). Pentatope Based Elliptic Curve Encryption for Privacy and Protection of Multimedia Data. In Advances in Automation, Signal Processing, Instrumentation, and Control (pp. 551-560). Springer, Singapore.

Kesari, A. (2020). The Effect of State Data Breach Notification Laws on Medical Identity Theft. Available at SSRN 3700248.