While it’s clear no organisation is safe, that’s no excuse for not having a response plan in place.
When a breach does occur, you need to act quickly, not only to meet various compliance regulations but also to limit the scope of the damage caused by the breach.
In a recent report, Juniper Research predicted that the cost of data breaches will amount to 1.3tn by 2019, showing just how costly data breaches are becoming and the importance of having a contingency plan in place.
If a breach happened right now, would you be prepared? Would you know what to do and how to act? If the answer is no, then you need to create a robust, clear policy.
This plan should be well-defined, concise and rehearsed. Much like a fire drill, all employees of your organisation should be aware of the procedures and how to act almost instinctively.
So, what does such a plan look like? While levels of urgency will depend on the severity and scale of the breach, here’s some advice for what you need to do in those crucial first 24 hours.
Hours 1-2: Triage - assess the situation
When a patient is admitted to A&E, the first thing the doctor will do is determine the severity of the injury. This is the perfect analogy for what a business needs to do in the immediate wake of a breach.
Someone in the business with sufficient training should take a step back, assess the situation and classify it accordingly: Has a device been stolen? Has your server been hacked? Have you been hit by a denial of service attack?
Once the threat has been identified, this would be the time to enact automated controls. For instance, in the case of a stolen laptop, a company would activate any underlying embedded technology solution to either remotely delete the data, track the stolen device or cut the network connection.
Hours 2-8: Legal and containment
This is the stage where roles need to be assigned amongst your team. Once you have identified the severity of the breach, your legal team can advise on the best course of action.
Your company must also appoint somebody with sound communication skills and a thorough knowledge of the problem to interact with the relevant authorities (depending on the data regulations in your region). You should also use this time to make sure that your automated controls have worked and confirm that the threat is contained.
Hours 8-18: Analysis and investigation
Documentation is everything, and you must make sure that you have all of the facts at hand. Depending on the type of data that has been compromised, your customers and the authorities will want the full picture.
Evidence has to be properly collected and logged, not only for these reasons but so that the root cause can be properly identified and prevented from happening again.
Once the facts are established, you should ensure that you have several people in the organisation who can liaise with anyone who may be concerned about the breach, be that business partners, worried customers, or the press.
The first 24 hours is just the beginning.