Abstract
Over the last decade, the number of small and medium (SME) businesses suffering data breaches has risen at an alarming rate. Knowing how to respond to inevitable data breaches is critically important. A number of guidelines exist to advise organisations on the steps necessary to ensure an effective incident response. These guidelines tend to be unsuitable for SMEs, who generally have limited resources to expend on security and incident responses. Qualitative interviews were conducted with SMEs to probe current data breach response practice and to gather best-practice advice from SMEs themselves. The interviews revealed no widespread de facto approach, with a variety of practices being reported. A number of prevalent unhelpful-practice themes emerged from the responses, which we propose specific mitigation techniques to address. We therefore propose a SME-specific incident response framework that is simple yet powerful enough to inform and guide SME responses to data breach incidents.
Original language | English |
---|---|
Pages | 13-20 |
Number of pages | 8 |
Publication status | Published - 5 Apr 2018 |
Event | 2018 AISB Convention: Symposium on Digital Behaviour Intervention for Cyber Security - Liverpool, United Kingdom Duration: 4 Apr 2018 → 6 Apr 2018 |
Conference
Conference | 2018 AISB Convention: Symposium on Digital Behaviour Intervention for Cyber Security |
---|---|
Abbreviated title | AISB 2018 |
Country/Territory | United Kingdom |
City | Liverpool |
Period | 4/04/18 → 6/04/18 |
Keywords
- GDPR
- small and medium (SME) businesses
- data protection
- data breaches