All organizations, private or public, depend on stored data. Companies and governments implement procedures to protect their data, especially Personally Identifiable Information (PII). Despite this, breaches continue to happen and every organization needs to prepare for this eventuality, rather than doing damage control and dealing with the fallout after a breach.
To be prepared, a breach response plan should be established, detailing which teams will take action in the event of a breach to inform affected clients, respond to the media, and block the intruder and eliminate the weakness that led to the breach. What are some of the basic elements of an incident response plan? Here are a few critical components every plan should include.
Keep detailed information on what data the company collected, processed, and stored, where that information is stored, and access privileges. Prioritize the data according to sensitivity, compliance requirements, and total damage that could be done if lost. If your storage plan includes the cloud, specify where those servers are located, what protections are in place, and who has access to the data stored there.
IT departments usually carry out monitoring processes, but the breach response plan should include procedures on monitoring access and completing audits. Many organizations fail to completely remove old accounts or compartmentalize data access.
Be Aware of Compliance Requirements
Healthcare and financial services information assurance are heavily monitored. Stay informed on what regulations exist that affect company data and audit the procedures regularly to ensure continued compliance with changing laws. Make sure all requirements and recommended steps are covered in a response plan.
Assess Your Legal Risks
Data breaches can lead to long, expensive class-action lawsuits. Include in a response plan a list of contracted legal agencies that specialize in breach response so a company can activate their teams immediately.
Establish a Crisis Communication Plan
By far the most important element of a response plan. Clear chains of communication will eliminate confusion and ensure each party knows exactly what they need to know. Any teams and assigned leaders from various departments that play a role in the internal and external communication processes should be included. If a company employs an outside agency to handle external communications (e.g., drafting/sending letters, press conferences, informing law enforcement agencies, etc.) following a breach, list these on the plan and clearly identify how that agency will be contacted.
Practice Incident Response Plans
A successful response plan relies on team members and any third-party agencies knowing their roles and being able to execute them correctly. For this to happen, incident response plans should be practiced regularly, especially communication procedures. This is especially important after an update to the response plan. Repetition helps team members internalize their roles, turning responses into automatic actions.
A successful response requires planning, attention to detail, informed team members, clear lines of communication, and constant vigilance. A response team that knows their roles, and practices the procedures, is a team that will succeed. While data breaches will remain a risk, being prepared remains the best defense, and that depends on having the right response plan in place.