JAYEN GODSE, 30 September 2020
Data breaches can happen to any organization or company at any time, but how you deal with the aftermath of a data breach has a large effect on your business. The fact remains that breaches are happening, and their severity, in terms of both impact and the number of records, is on the rise.
As the recent breaches at Experian, Marriott, and First American data Corp. show, the size of the business does not matter when it comes to breaches. The big corps are just as vulnerable as the small ones.
So if data breaches can occur at any time and to anyone, it is essential to have measures on the ground to address this issue.
Preparation and planning are key to any incident response. You cannot execute on the fly after an incident has happened. According to some security experts, they pointed
Every organization must address the following 6 points to manage the aftermath of breaches.
- Identification and detection
- Training of employees
- Proper communication
- Lessons learned
Identification and Detection
This involves understanding how the attack happened, how the attackers got access, and how the data got out. Once this is established, you need to ensure that data is no longer leaking out. This is the first step: knowing the situation and where you stand.
The next thing is to confirm that the attackers are out and that no more data is leaving your database. You also need to find out whether the breach was a one-off and whether the affected access point, staff, or department has blocked it so that it cannot happen again.
Once the situation is contained, you should focus on dealing with the issues, removing them, and restoring any affected system. Careful steps must be taken to eradicate malicious and harmful content from the system that was affected by carrying out an overhaul of the system’s hard drive and scanning affected systems and files using anti-malware software.
Training of Employees
Getting your employees up to speed on what is going on is a line of defense on its own. Give them key points to keep them informed. Was the security breach the result of an employee’s action? Be sure to let them know, and inform them so as to prevent future occurrences. Building a holistic security culture within the organization is paramount to getting over the aftermath of breaches and avoiding further occurrences.
Once your employees have absorbed a security culture, the next thing to achieve is proper communication amongst everyone, especially when it comes to external communication. Your policy should prohibit sharing company matters and documents on social platforms and discourage any commenting that could cause further problems for the company.
The last step on your journey to coming back from a security breach is learning your lessons. Once you have learned from a breach, pick up the pieces, and move on to recovery. In some cases, dust might still be raised by press reports; you might also have to deal with data protection regulators. All you have to do is follow the example of other companies that have come out of such breaches stronger. Work hard to understand what went wrong and do everything to avoid another such occurrence.
One major thing you must consider in handling the aftermath of a breach is what we call “breach notification planning.” This should be your next focus.
Breach Notification Planning
Following our previous sections, one thing has been established: most companies and organizations are not adequately prepared to respond to breaches, especially as it relates to breach notification planning. “Breach notification is a fundamental part of risk management in this new age and time,” says a security expert. This, of course, is true; but what needs to be done to see this through correctly? Four areas must be addressed when it comes to breach notification. These areas are:
- The Policy: this involves your standards and values as they relate to communication commitments. It also involves your communication with regulatory authorities and how you plan on following regulatory policies.
- The Procedures: this involves the detailed processes and steps taken on a daily basis to prevent further breaches, to handle incidents as they occur, and to see your organization through the events of a breach. All details must be stated.
- The People: as an organization, you must have a supportive executive team that is well aware of the situation, and you must have a well-informed workforce as well.
- The Technology: the last thing that must be stated properly in terms of breach notification is technology. The technology in use before, during, and after the breach must be assessed appropriately so that recommendations can be made for improving it.
Now that we have addressed the critical areas of a breach notification plan, some things must be included in your plan.
The plan should include:
1. List of breach communications commitments – this deals with:
- Within how many hours the communications should occur, by client and by regulatory authority
- Who initiates contact
- How to contact
- Whom to contact
2. Language in breach notification – this involves:
- Designating a primary and secondary individual/team to take charge of drafting this communication
- The individual/team should have legal, security, and technology backgrounds
3. Forensics is an essential part of the incident, and being prepared is part of your plan
4. Prepare a plan on saving data for breach analysis
This plan must be prepared upfront and requires expertise and professionalism.