Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1356436
39 ILTANET.ORG

their methods and may eventually find a way in despite your best efforts. That's why it's important to have plans in place that ensure the continuity of your business and allow you to recover quickly in the event of a breach. The following measures are key for business continuity and disaster recovery.

• Transparency. Knowledge is power when it comes to bouncing back from a security breach. It's crucial that the firm be transparent about past hacking attempts and system weaknesses, with a clear way of notifying employees about incidents and about what the established response plan is.

• Establishing Yourself. Firms are better positioned to recover from incidents when they've already established themselves in an industry or market, because clients will want them to continue providing services. Focus on building up funding and a positive reputation now so you're firmly established if you later find yourself facing a crisis.

• Clear Terms of Service and Privacy Policy. All firms today need to have clear terms of service and privacy policies in place that inform clients how their personal data and information are managed and protected. Those policies should include a clear statement of the firm's plans for business continuity and disaster recovery in the event of a breach.

• Certification Attestation. Part of recovery is ensuring that your third-party vendors are continuing to implement security measures that meet your firm's requirements. Security attestations are a crucial part of that. You should always demand that your vendors provide attestations that they are certified to comply with specific regulations or security standards, such as SOC 2 Type 2, SSAE 16, HIPAA and HITECH.

• Clear Notification Policies for Legally Required Responses. In the event of a breach, your firm is likely to see involvement by law enforcement or other investigators who will request access to customer data via subpoena or other means in order to complete their investigations. Your firm should have a clear policy in place for notifying customers of these requests and for ensuring that the data remains secure.

• Location of Data. Recovery plans require convenient access to data, so it's important to know where and how your data is stored at all times. Easier access comes from having your data stored in the right manner, so you should think ahead and only work with a provider that stores your data in the jurisdiction that ensures compliance and makes the most sense for your firm and client base.

• Data Segmentation. Employing data segmentation practices in advance will help with continuity and recovery after a breach. Using a private cloud isolates your data from the data of other companies, because you're not sharing infrastructure as you are in a public multi-tenant cloud. Data mirroring, the practice of maintaining exact, real-time copies of data in another location, eliminates single points of failure and ensures that you still have access to your data if one server is compromised.

• Physical Layer Redundancies. Redundancy is key to quick recovery and to ensuring continuity. When redundant copies of networks or systems exist, they can be relied on if a corresponding network or