Responding to a Data Breach – A Five-Step Guide
With high-profile breaches hitting the headlines on an almost daily basis (or so it seems), the question of suffering a breach is not so much if but when. The average cost of a breach has now reached $4 million according to recent research conducted by the Ponemon Institute, so should the worst happen to your organisation, being prepared and having a process in place can make all the difference. Here is a five-point guide on what steps you should take and what questions you should ask.
Step 1 – Understanding if there is really an incident
Incidents generally start as a set of indicators, typically referred to as an event, which on further investigation either turns into an incident requiring follow-up or is closed. The response plan should include a policy that sets the parameters, severity levels, and standards for when and how an incident is declared. This provides the basis for defining major and minor incident types and for setting the procedures to be followed for each. If third parties or vendors are likely to be involved, it is particularly important to include incident response procedures for them too.
Step 2 – Assigning responsibility
Should an event be escalated to an incident, understanding who is in charge is essential: a response team should be agreed in advance, with roles, responsibilities, and authority assigned to everyone within it. The policy granting the authority needed to fulfil those roles must also be clearly communicated across the organisation. Remember that in the face of an attack, an organisation’s information security function will be judged purely on how efficiently and effectively the incident is responded to, rather than on the ongoing efforts taken to protect the environment.
Step 3 – Plan of Action
Following an event, the response team should take time to review what could have been done better to prepare for any future occurrences. Drills, desktop exercises, functional exercises and full-scale exercises can all be used to simulate technical, operational, communication, and/or strategic responses to cyber incidents, in order to review and refine current capabilities. Each exercise consists of determining what improvements could be made in:
1. Preparation
2. Detection and analysis
3. Containment and eradication of threats
4. Post-incident activity
5. Recovery process and getting back to business
It’s worth noting that when the EU General Data Protection Regulation comes into force in little over a year’s time, Article 31 will require companies to notify the appropriate authority of a data breach within 72 hours of learning about the exposure.
Step 4 – Keep the lines of communication flowing
An effective response plan is only as good as its communication network, and when critical incidents of this nature occur, time is of the essence. Communication networks are often the first resource to break down, so it’s important to perfect the process and ensure that there is a standard procedure for the lines of communication.
Step 5 – Understanding the impact
We have already mentioned the sheer number and scale of data breaches that have happened and will continue to happen. The growing threat of identity theft makes customers particularly sensitive to any of their data being at risk, which is why companies must understand the risk associated with each incident, consider the impact on the business, and implement any measures they can to reduce the threat.