Data breach response planning best practices

There is a high likelihood another large data breach will occur in 2016, so it is essential that your financial institution is armed with a written data breach action plan that includes steps to prepare for, respond to, and recover from an attack. Below are best practices your credit union can follow to help mitigate the financial and reputational impact of a potential data breach on your financial institution and members:
Plan
- Establish a formal data breach response plan
- Name your team
- Review plan annually
- Submit to Board of Directors (GLBA)
- Conduct annual trainings with employees on data breach awareness and response
- Run tabletop exercises and/or mock data breach drills annually
- Create a security fund for unpredictable external and internal breach costs
Respond
- Develop an internal breach action plan
- Designate resources to draft notification letters, employee scripts, FAQs, press releases, etc.
- Adopt fraud investigation and credit monitoring services
- Give away entitlement to services up front to create more value and offset cost at breach