Data Breach Response: What Your Organization Must Do in the First 24 Hours
You just found out about a data breach. Perhaps hackers broke into a server and stole credit card numbers, or several boxes of confidential information went missing from a storage room.
But what should you do now?
Don’t waste any time before your data breach response, says Stephen Treglia in a darkreading.com blog. “There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.”
The 2015 Cost of Data Breach Study: Global Analysis by IBM and Ponemon puts the average total cost of a data breach at $3.79 million, which is a 23% increase over the past two years. Each lost or stolen record containing sensitive information cost an average of $154.
What’s important is that every organization have an official – and tested – Incident Response Plan at the ready. With that plan in place, here’s what needs to be done.
- Assemble the response team. The team should include representatives from the C-suite, IT, PR/Marketing, legal and customer service departments as well as any third parties that may be required. A good information security policy includes a Chief Information Security Officer (CISO) with company-wide responsibility – research has shown this can reduce the cost of a data breach.
- Address the breach immediately. Investigate what happened and put controls in place to stop the data leak. The goal is to contain the situation and prevent additional data loss. For example, take affected machines offline; if a laptop has been stolen, use remote data wipe software to erase it. Alert staff and change passwords. Also, secure the premises around where the data breach occurred. It’s important to “analyze the threat and get your system back up and running,” said Treglia.
- Document everything. Experian’s Data Breach Response Guide 2014-2015 says it’s important to carefully document everything that is known about the breach: who discovered it, who reported it and to whom, who else knows about it, what type of breach it is, what was stolen, how it was stolen, and so on.
- Bring in forensics. An in-depth investigation is recommended. Once the problems have been resolved, test the security fix as well.
- Check data breach law. Know the privacy laws in your industry and state, and in the states where your customers reside. Review the notification rules and whether you have to notify customers, vendors and other outside parties within a certain timeframe. There may also be data breach fines.
- Begin the notification process. Consumers want to see facts about the breach, information about the risks they may face, and steps they can take to protect themselves, according to the Data Breach Response Guide. Also, provide ways you can help protect customers from identity theft including free credit monitoring or identity protection. What’s also important: a sincere and personal apology, according to a Ponemon report.
After a data breach incident, there’s an opportunity to improve security, including cyber security, across the board. Find out how a Shred-all Policy is one of the most effective ways to reduce the risk of a security breach, and learn how secure shredding services can simplify document handling and destruction.