Teiss guest blogger Aaron Fox, data security consultant at HANDD Business Solutions, explains how a simple process for responding to a data breach can make all the difference.
With high profile breach hitting the headlines on an almost daily basis (or so it seems) the chances of suffering a breach are not so much if but when. The average cost of a breach as now reached $4 million according to recent research conducted by the Ponemon Institute and so should the worse happen to your organisation then being prepared and having a process in place can make all the difference.
Here is a five-point guide on what steps you should take and what questions you should ask.
Step 1 – Understand if there is really an incident
Incidents generally start as a set of indicators, typically referred to as an event, that on further investigation either turns into an incident requiring follow up, or not. The response plan should include a policy that sets the parameters, severity, and standards for when and how an incident is declared.
This will provide the basis to define a major and minor incident type and set the required procedures to be followed in future. If third parties or vendors are likely to be involved then it is particularly important to include incident response procedures for them too.
Step 2 – Assign responsibility
Should an event be escalated to an incident, understanding who is in charge is essential. Have a pre-agreed response team and assign roles, responsibilities, and authority to everyone within it. This should be agreed in advance.
The policy-granting authority needed to fulfil the roles of team members must also be clearly communicated across the organisation. Remember in the face of an attack an organisation’s information security infrastructure will be judged purely on how efficiently and effectively the incident is responded to rather than the ongoing efforts taken to protect the environment.
Step 3 - Plan for action
Plan what you will do in the event of an incident, and then practice those plans. Drills, desktop exercises, functional exercises and full scale exercises could all be used to stimulate technical, operational, communication, and/or strategic responses to cyber incidents with the aim of reviewing and refining current capabilities. These exercises can be used to determine what improvements could be made in:
- Detection and analysis,
- Containment and eradication of threats,
- Post-incident activity
- Recovery process and getting back to business.
Following a real event the response team should also take time to review these plans of action and identify what could have been done better to prepare for any future occurrences.
It’s worth noting that when the EU General Data Protection Regulations come into force in little over a year’s time, Article 31 will require companies to notify the appropriate authority of a data breach within 72 hours of learning about the exposure. In order to comply you need to be able to detect incidents and have a slick process for reporting them within the required time frame: it's important to test this process to make sure it works.
Step 4 – Establish lines of communication
An effective response plan is only as good as its communication network and when critical cyber incidents occur time is of the essence. Often communication networks can be the first resource to break down when a cyber breach happens so it’s important to perfect the process and ensure that there is a standard procedure for lines of communication.
Step 5 – Understand the impact
Data breaches will continue to happen, in large numbers and at high scale. The growing threat of identity theft makes customers particularly sensitive to any of their data being at risk which is why companies must understand the risk associated with each incident and consider the impact on the business and implement any measures they can take to reduce the threat.
Photo copyright sportpoint under licence from thinkstockphotos.co.uk
Aaron Fox is a Data Security Specialist at HANDD Business Solutions
As a Data Security Specialist for Enterprise accounts, Aaron Fox works on data security projects with some of the largest banks in the world, top investment companies and other major organisations.
Aaron joined HANDD Business Solutions in 2015 after starting out in the insurance sector at Ageas Insurance Limited, and then moving to CMS Supatrak to develop telematics software solutions to help improve the efficiency of transport, logistics and waste management organisations.
Aaron has a degree in Economics from the University of Portsmouth.