The 180-Day Plan

April 2014 Integrated Solutions For Retailers

By Jim Lippard, sr. product manager in security services, EarthLink

What you can do to minimize six months of pain from a credit card breach

As credit card breaches become more common at businesses of all sizes, it is important to know what to expect and to be prepared to take steps that can reduce the time from the discovery of the breach to the return of “business as usual” after remediation. Some of the most important steps are those which take place before a breach is discovered.

Before The Breach
If your business carefully follows the PCI Data Security Standard, you have assigned formal responsibility for monitoring and analyzing security alerts that may discover a breach and for implementing security incident and escalation procedures in the event that a breach is discovered. You should have a plan for what to do in the event of a breach, forming a response team of internal and external resources and making sure that the team members are trained and periodically test the plan with a breach exercise. You should also establish a communications plan about who says what to whom, internally and externally. Consider transferring some of the risk to third parties with a breach protection plan, which supplies external resources and covers breach-related expenses such as a forensic analysis, card replacements, and fines.