Has your company suffered a data breach? First of all, don’t panic.
This admonition appears on the cover of Douglas Adams’ The Hitchhiker’s Guide to the Galaxy. The book’s protagonist relies on this advice to survive a series of intergalactic adventures, including the destruction of the Earth.
An organization experiencing a data breach might similarly feel that it is watching its world crumble. Refraining from panicking as networks and information systems fail is difficult, but it’s key to managing a data breach. Any forward-thinking organization can prepare for a panic-free data breach and manage it successfully by following the processes below.
Develop an Incident Response Plan Ahead of Time
Your incident response plan should identify and prioritize the components of an information system that are most critical. It should also identify data breach risks, establish procedures to contain the breach, and delegate communications tasks. Organizations should establish a response team with clear management and pre-determined responsibilities. Leaders should distribute the plan throughout the organization and provide training to all employees.
Preserve Evidence of the Breach
Preserving evidence requires fighting a natural tendency to delete everything. But in order for technicians to respond to the breach, they’ll need to know exactly what happened. The incident response plan should consider how to preserve evidence without spreading the breach deeper into an organization.
Contain the Breach
Containing a data breach typically starts with isolating the systems and areas that the breach has affected. Disconnect those systems from the internet and disable remote connections. Change administrative passwords and control access to critical systems. Tighten your firewall settings so that no other intruders can gain access.
Misinformation or inadequate communications about a data breach can do more harm than the breach itself. Clearly communicate information about the breach and its effects to employees and customers. Disseminating timely customer notices can help preserve your company’s reputation and provide reassurance. Organizations subject to regulatory oversight—like healthcare providers—must notify the proper authorities immediately. Releasing communications from a centralized data breach response team keeps messaging clear and consistent.
Business interruption and the task of notifying affected parties are two of the reasons why data breaches tend to be so expensive. For this reason, many organizations carry cybersecurity insurance. A typical policy covers immediate costs like notifying breach victims and providing them with credit-monitoring services. Cyber insurance also covers the cost of third-party liability claims alleging that your company failed to adequately protect its data. It’s easier to avoid panicking following a data breach if you have a safeguard against financial devastation.
Restore Affected Systems
Restoring your systems after a data breach is a top priority. After all, while your systems are down, or your website is offline, you’re losing money. Here’s where preserving your forensic evidence comes in handy: you can use it to determine how the data breach occurred. Close any loopholes, update your software, and rid your systems of any vulnerabilities. Provide downtime estimates to customers, partners, and employees so they know where you stand. Then it’s time to start the long road to rebuilding trust.
Your response plan will dictate how quickly you’re able to recover from a data breach.