Developing a Security Breach Response Plan
Just as your business prepares for fire safety and other emergencies, so should you prepare for a security breach. According to recent statistics, over 9 million records have been lost or stolen since 2013 and that number is expected to grow continuously. A data breach can hurt your brand, customer confidence and reputation. Follow these steps to protect your business with a Security Breach Response Plan.
- Create a response team - If a breach or cyberattack occurs, the impact can be far-reaching and immediate. Creating a response team can help limit that impact. Having a team in place will ensure that your security breach plan is carried out properly and that procedures are communicated effectively. Be sure to also designate a response executive to make key decisions and act as a liaison between management and the rest of the response team.
- Install monitoring tools on your systems - When a breach occurs, an expert is often brought in to investigate. The expert may request documentation detailing the breach. These systems should be in place before a problem arises. These tools will enable your organization to understand where there might be gaps in existing security so you can limit the risk they pose in the future.
- Manage the evidence - Carefully document all investigation and mitigation efforts. Any interviews with key personnel should also be documented. It is wise to seek advice from your legal counsel on the approved methods for protecting digital evidence.
- Define a notification process - In certain circumstances, the organization may need to notify law enforcement of the breach. Law enforcement may have procedures that they would like to follow to determine the source of the attack and monitor the activity of the attacker. Being able to determine the source of the problem is important because it will help to stop the attack and, if needed, monitor the attacker’s movements. In addition, the various protocols for notifying affected individuals and the public should be outlined.
- Define recovery procedures - First, be sure to change encryption keys and passwords immediately to prevent further access. Then, determine how compromised data will be recovered. To ensure that data is not completely lost, make sure your business has effective controls and processes in place for data backup and organization. Organizations should also perform annual testing to ensure that backups are taking place in a way that will allow recovery.
- Test and refine the response plan - Train staff on how to react in the event of a breach. One option is to simulate a data breach and perform a test. This allows your team to practice the steps and to clear up any confusion about the procedure. The first time personnel practice these procedures should not be during a real data breach. Be sure to practice the response plan on a regular basis and to make any updates as necessary.