7 Steps to Responding to a Data Breach Nightmare

It’s every organization’s nightmare. Hackers gain access to your clients’ or employees’ personal information, putting your hard-earned good reputation at risk and raising the specter of a possible lawsuit.

No organization wants to think about such a crisis, yet it’s imperative you do. Suffering a data breach without an emergency incident response plan leaves you vulnerable to the damage of the attack itself plus the potential fallout from your own panicked decisions.

While the below can be used as a roadmap to address a suspected breach, it is wise (and in some states, required) to have a more detailed “Incident Response Plan” as part of a Written Information Security Program (WISP).

7 steps to take if you fall victim

Call your IT Support company. Let them know its emergency level. Let them know what you did and that you need them to secure your system immediately (including locking out the hacker, terminating his or her session, changing passwords to the accessed system and others where you use the same password). Care should be taken to preserve log files at this point. Ask them to determine what has changed since you first noticed the attack. Write down dates and times of the events you noticed.

Engage a Cyber Forensics Investigator.Contact us for help identifying a forensic investigator that you can turn to in the event of a data breach. Most IT support companies will not have this ability in house. The preliminary goal will be to answer three fundamental questions: How were the systems breached? What data did the hackers access? Was any personal information accessed, which would result in a reporting requirement being triggered? Once these questions have been answered, experts can evaluate the extent of the damage.

Call your insurance company. If the investigator determines the incident to be a breach or a probable breach, you need to call your insurance company. Inform them of the facts and ask them if you can use your own local privacy attorney and cyber forensic investigator or if you must use theirs to determine the extent of the breach. Finding out if your insurance allows you to choose your own lawyer and investigator is another step you can take ahead of an incident. If they require you to use a lawyer and investigator of their choosing, forming relationships before an incident can make things easier after an incident is detected.

Schedule a conference call. You will need to speak with your privacy attorney, the cyber investigator, and your IT support person that helped with the incident initially. The attorney will guide you through the next steps including advising you on your legal responsibilities and what you should do or not do (or say) in response to the incident.

Fortify your IT systems. While investigative and response procedures are underway, you need to work proactively to prevent another breach and strengthen controls. Doing so can involve training staff on recognizing cyber threats and phishing emails, strengthening passwords, and having your network and security program examined by a professional.

Communicate strategically. No matter the size of the organization, the communications goal following a data breach is essentially the same: Provide accurate information about the incident in a reasonably timely manner that preserves the trust of clients and employees. Note that “in a reasonably timely manner” doesn’t mean “immediately.” Often, it’s best to acknowledge an incident occurred but hold off on a detailed statement until you know precisely what happened and can reassure those affected that you’re taking specific measures to control the damage and most importantly, prevent it from happening again!

Activate or adjust credit and IT monitoring services. You may want to initiate an early warning system against future breaches by engaging an IT Security consultant to check your systems periodically for unauthorized or suspicious activity. Of course, you don’t have to wait for a breach to do these things (it’s better if you take these steps before an incident), but you could increase their intensity or frequency following one.

Inevitable risk

Data breaches are an inevitable risk in today’s networked, technology-driven world. Should this nightmare become a reality, a well-conceived incident response plan can preserve your organization’s goodwill and minimize any impact on efficiency. Following such a plan can even prevent an incident from becoming a “legal breach.” We can help you design a simple and effective plan as well as be at the ready when you need us the most.