In all truth, there is no foolproof guarantee that a data breach will never happen. This is because criminals will always find a way to breach even the tightest security measures and, once those weaknesses have been addressed, they will find new vulnerabilities to exploit. That’s not to say security efforts are useless. They do thwart the majority of breach attempts and, combined with an efficient response to breaches, this system helps to protect millions of computer users from the possible cyber attacks plaguing the system.
What exactly does a data breach response entail? There are three primary focuses of every data breach response, which involve securing the system, addressing weaknesses, and notifying the affected parties. By understanding what’s required in each step of the response, you’ll be better prepared for the eventual data breach.
Securing the System
Your organization should already have a data breach response team in place, and these individuals should be contacted immediately. The goal of this team should be to get your system up and running as quickly as possible and act to prevent further data loss. This includes isolating the physical areas that may have been related to the breach. Access codes to those areas, as well as to the machines affected, should be immediately changed. This will help to ensure the same method of unauthorized access will be rendered ineffective.
This will require replacing credentials for all authorized users and limiting the use of the affected machines. Ideally, you should have new machines to install in place of the compromised physical hardware as a means of restricting additional access to the data. Your response team should also be tasked with checking the internet and your organization’s own website to ensure the breach didn’t result in exposed sensitive data. Any personal information found posted online should be removed from your organization’s website. If it has been posted on other websites, contact those site administrators and request that the data be deleted.
Related information: Federal Trade Commission
Address Security Weaknesses
A forensics team should already be looking into the vulnerabilities in your system and collecting evidence for an official investigation. Once they give you permission to begin accessing the system, your team should start making changes that will strengthen the weaknesses that were exploited. This may involve subscribing to a VPN service to prevent internet service providers and other third parties from accessing your system. You should also be working with the service provider to make sure they, too, are responding to the breach and addressing vulnerabilities.
Your network should already have been segmented so that each server functions independently. This enables the forensics team to determine which servers were affected. By identifying where the breach occurred, you can determine if you need to change the method of segmentation.
Related information: DZone, Digital Guardian
Notify the Affected Parties
Almost every state has enacted laws that outline how a business must respond to a data breach when personal information was accessed. Properly reacting to a data breach typically involves notifying the parties that were affected, whether they are individuals, other businesses, or government agencies. As previously suggested, law enforcement should be among the first agencies to be notified of the breach. If local or state police don’t have the resources to address identity theft crimes, you may have to contact the FBI or other federal government agencies.
There is also the Health Breach Notification Rule to consider, which concerns data breaches that involve health information. If this is the case, your organization is required to notify the Federal Trade Commission and may also be legally bound to inform the news media. For this reason, it may be crucial to work with attorneys who specialize in cybersecurity laws.
If financial data was accessed in the breach, it’s equally important to notify the credit card companies and credit reporting agencies. This will help them identify instances of identity theft more easily. When informing customers and vendors of the breach, you should be prepared to supply the following information:
- The state laws affecting the breach
- The nature of the breach
- The type of information accessed and how it may be misused
- The consequences of misuse of the data
Related information: CIO, Revision Legal
While a data breach may not be enough to destroy your business reputation, how you react to it may adversely affect your organization. For that reason, it’s essential to have an actionable response plan in place, no matter how secure you believe your system to be. This will help you respond promptly and efficiently, which will engender trust among the people and organizations with which you conduct business. It will also help to ensure you comply with the laws that govern data breaches in your state.