Not if, but when
Breaches are a fact of life in today’s cyber-attack happy world. In 2018, according to the Identity Theft Resource Center (ITRC) , there were over 1,240 data breaches reported. These breaches accounted for an astounding 446 million consumer records containing personally identifiable information (PII), well over 100% more than in the prior year. If you count data like email addresses, user names, and passwords, the number of records compromised climbs to over 166 billion.
Businesses like Marriott, Target, FaceBook, Cathay Pacific, Quora, and others were all breached in one way or another, leading to significant reputation damage as well as disruptions to their users and their businesses. Just focusing on business impact, not legal fees and settlements, the average insured loss from a cyber incident is now just over $2.3 million according to Allianz Global Corporate & Specialty (AGCS)AGCS, with the understanding that losses from major cyber events can be in the hundreds of millions or higher. You would not be alone in worrying about cyber incidents, as they rank as the business interruption trigger most feared by businesses, according to Allianz Risk Barometer survey respondents.
Businesses of all sizes are being targeted, especially smaller and mid-sized firms who believe they may be below the hackers’ radar, and whose data security practices may be less well-resourced than at large organizations.
Why Data Breach Response Planning Matters
While information security technology is critical to every business, an equal or more important solution is response and recovery as a key component in managing a data breach event. Most CEOs and CIOs do not get fired because their companies are hacked or experience a data breach event, they (e.g. the CEOs and CIOs of Target and Equifax) were fired because of their company’s failed management response to a data breach event / hack. The threat landscape changes so quickly security policies and procedures are not keeping up.
Having a formal response and recovery plan is critical to demonstrating defensible practices and is shown to help minimize risk and lessen financial impact and damages caused by an information security incident.
Access Notifi provides you with a comprehensive recovery plan.
- Live response 24/7/365 to answer questions, receive reports of a suspected Data Breach event and recommend critical first steps.
- A dedicated point of contact from your Service Provider to respond to calls, deliver critical documents and address ongoing concerns.
- A comprehensive information gathering and assessment process to determine the nature and extent of the Data Breach event and applicable Canadian notification requirements.
- Two (2) hours of consultation with an information governance and cyber risk expert in addition to the event assessment process.
- A detailed plan and timeline to provide a response to the Data Breach event created by a qualified attorney, including:
- Initial data incident consultation to answer questions and discuss basic strategies for investigating and responding to the incident.
- Recommend notification letter content to governmental agencies and Affected Consumers and Plan Member Employees based on the circumstances and compliance requirements of the Data Breach event.
- Recommendations concerning public relations communications and frequently asked questions to employees, the press, the public and others.
- Recommendations concerning communication and interaction with law enforcement agencies.
Fully Managed ID Theft Recovery Services for up to 50,000 Affected Consumers
Notifi includes ID Theft victim recovery services for an affected group of up to 50,000 consumers per Data Breach event whose sensitive information may have been compromised (Affected Consumer) in a Data Breach event. A professional Recovery Advocate handles the research, documentation and legwork on behalf of the victim to resolve both financial and non-financial identity fraud. Recovery services for larger events affecting more than 50,000 consumers are available at preferred rates.
If, for any reason, an Affected Consumer is a victim of identity theft within the term of the program, a professional Recovery Advocate will manage the recovery process with a goal to restore their name and credit to pre-event status. This includes the follow-up, paperwork, and phone calls on their behalf, through a limited power of attorney authorization.
Once an identity theft event is reported, the following actions will be taken to manage their recovery:
- The victim will be assigned a Recovery Advocate, who will work with them to perform the necessary actions to recover their name and credit history.
- The victim will have direct access to their Recovery Advocate via phone, email and fax for the duration of the case and for 12 months thereafter.
- The victim will be provided an Identity Care Account with free credit monitoring and access 24x7x365 to updates concerning the status of their Identity theft case.
- The Recovery Advocate will immediately send them a Recovery Packet (if applicable) by email, fax or overnight delivery, with a limited power of attorney form, and instructions for immediate action to be taken.
- Once the forms in the Recovery Packet are returned, the Recovery Advocate will perform any or all of the following actions:
- Place fraud alerts at the three major credit bureaus
- Provide copies of credit reports from all three credit bureaus and review the reports with them to identify fraudulent activity.
- Assist in completing the official Identity Theft Affidavit from the Federal Trade Commission to establish their rights as a victim.
- Contact the Social Security Administration, US Postal Service, Department of Motor Vehicles, among others, to reverse any wrongful information, transactions, or misuse of official documentation as applicable to the case.
- Research and document any fraudulent transactions, false accounts, or contracts signed with creditors, banks, utility companies, leasing agents, medical facilities, etc., and follow up to make sure all wrongful activity is resolved and removed from credit files.
- Work with local and federal law enforcement to try to stop the criminal(s) that are misusing the employee’s name.
- At the close of their case, their Recovery Advocate will provide confirmation of their return to pre-identity theft status.
- The Recovery Advocate will provide post-recovery follow-up for 12 months as well as continue to provide free credit monitoring for the duration of that 12 month period.
- Initiate single bureau credit monitoring to be in place throughout recovery and 12 months, post-resolution.
Why Access Notifi Now?
The premise is simple, and the value provided far exceeds the low monthly fee.
- Proactive protection against a cyber-incident
- Accelerated response times
- Certainty of meeting regulatory requirements for disclosures
- Mitigation of damage to your company and reputation
- Expert advice and guidance on response to a data breach up to 2 per 12 months
- Customer notification templates that meet regulatory requirements
- Employee talking point templates and call center script templates
- PR guidelines based on research into 1000’s of incidents
- Identify recovery support services for up to 50,000 affected people.