So, you’ve been hit with a data breach—now what? Unfortunately, this is an all-too-common occurrence, even with some of the new advanced data security and privacy controls that are available. If your team just experienced your first data breach, don’t panic. You have contingency plans in place for a reason, and now is the time to just into action.
Here are a few tips to keep in mind while your team works to secure your controls and fix any vulnerabilities that were exposed during the breach:
- Mobilize and secure the impacted system or hardware immediately. As soon as your team is aware of an incident, it’s time to jump into action. Shut down any impacted systems, secure compromised hardware, and remove any threat of another attack.
- Research the issue and identify where the problem occurred. When things are locked down, it’s time to identify where the issue occurred. Depending on the size and scope of the data breach, you may need to work with the forensics or contracting team to identify the threat.
- Discuss the incident with your executive and legal teams. Next, you will need to notify the appropriate internal parties, including your executive and legal teams. Depending on the type of information compromised, you may have to deal with federal or state law implications.
- Remove or reverse any information shared by the malicious threat during the attack. If your malicious attack includes wrongful posting, information sharing, or communication, go through and reverse the outreach. Remove any posts and wipe your websites of any wrongful content that was shared.
- Identify and notify anyone with personal information or data impacted by the incident. Working directly with your legal team, you will also have to identify and notify those with information impacted during the breach. This could include customers, vendors, partners, or individuals. Additionally, if any PHI or health records were impacted, you will have to notify the FTC and other federal organizations.
- Prep and launch a public response to the incident. Once you are aware of the incident, you will want to mobilize your public response plan as soon as possible. It’s always better to be the first one to announce a data breach rather than have your customers or vendors come to you asking questions. Stay one step ahead by anticipating questions and sharing a detailed response with the public.
Reducing the likelihood of future attacks
While planning your response for a data breach may feel counterproductive (after all, your security controls are in place to prevent these things from happening), having a contingency plan can help reduce the likelihood of attacks. By mapping out exactly how you will respond to a breach, your team can identify any potential gaps in your InfoSec strategy and proactively respond to these issues in advance of a malicious attack.
You can learn more about building a comprehensive risk management strategy here.