Companies aim for greater revenues, profits and brand loyalty. They never wish for data to be lost or stolen because a data breach takes away from these three important goals.
But the reality is that a data security incident can happen to any organization—regardless of its size or industry.
The key to handling an exposure is to move swiftly, confidently and lawfully to counter the negative impact of a breach and preserve the company’s reputation. Here are some recommended do’s and don’ts to bolster a response plan:
1. DO contact your general counsel immediately. Your organization will need to follow certain legal requirements. Getting critical direction from experienced counsel is important in order to be compliant with the patchwork of laws that can apply. Remember that breaches don’t just happen when a hacker attacks a network. Mis-mailings, either in paper or electronic format, and lost laptops are breaches. The scale can vary from a single compromised record to the exposure of all the customer data your network holds, but at either end of that scale it is still a reportable breach.
Though seen mainly as a PR issue, breaches actually have a range of compliance implications. Your organization may need to comply with local, state and/or federal legal mandates. Coordinating the right response is likely to require customer-facing communications as well as behind-the-scenes work with regulatory agencies and possibly law enforcement. To meet your obligations, any breach should begin with a discussion with legal counsel.
2. DON’T power equipment off automatically. In an effort to stop a breach, many organizations immediately begin powering down servers, computers, mobile devices, and other network devices. While this may be the proper action to take in some circumstances, it can result in the loss of valuable forensic data in other situations. Also, malware is sometimes able to detect when its host machine has been altered. This could prompt the malicious code to go on a rampage, deleting data or replicating itself as a way to further corrupt any remaining information.
Before doing anything, check with the forensic expert your organization has partnered with to see how you should proceed. You may be able to disconnect the compromised machine from the network rather than turning it off, thus preserving the forensic data needed for a thorough investigation. Because time is of the essence in any breach response, your organization should establish a relationship with an experienced forensic expert ahead of time, and preferably include that expert in incident response testing exercises.
3. DO document your objective findings without adding any speculation. Your documentation should consist only of what you see and can verify. Assumptions, guesses, theories—these all can be misconstrued or forwarded on to others as fact, essentially creating a red herring that may seriously impact the investigation into the breach. Once something is in an e-mail, it may be forwarded to others. You don’t know where or to what extent the misinformation could spread.
Instruct others in your group to follow these same guidelines. Remind them, too, not to discuss the investigation outside the team assigned specifically to respond to the breach. Information pertinent to the investigation must be kept confidential and factual at all times, and details released to individuals not in the incident response team should be reviewed by both the legal and communications teams.
4. DON’T send confusing messages. As recent high-profile breaches have shown, a confusing message can damage your brand. If customers need to reset their account passwords, provide them with clear, concise instructions. The same goes for the implementation of multi-factor authentication protocols and even the activation of credit or non-credit monitoring services.
In addition, it is crucial to avoid communications that have the hallmarks of spam or phishing messages. E-mail messages should only come from a domain your customers know to be yours. Any e-mail links should point to organizations your customers recognize and trust. It’s also helpful to post a link on your website for customers to access, which will take them to these same tools in case they’re hesitant to follow the links in your e-mail messages.
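The following pre-send check turns the guidance above into a test a communications team can run on a draft notification before it goes out: the sender must be on a domain the organization owns, every link must point to an owned or already-trusted domain, and a link whose visible text differs from its real target is flagged as a phishing hallmark. This is an added example, not code from the article or from IDT911; the domain names, the constructed sample draft and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains the organization controls and third parties customers already
# recognize (e.g. the monitoring vendor). Both sets are assumed values.
OWN_DOMAINS = {"example-bank.com"}
TRUSTED_DOMAINS = {"monitoring-partner.example"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def _host_allowed(host, allowed):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_notification(raw_message):
    """Return findings for a draft breach-notification e-mail (single-part
    text assumed). An empty list means no phishing hallmarks were found."""
    findings = []
    msg = message_from_string(raw_message)
    _, sender = parseaddr(msg.get("From", ""))
    if not _host_allowed(sender.rpartition("@")[2], OWN_DOMAINS):
        findings.append(f"From address not on an owned domain: {sender}")
    body = msg.get_payload()
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            findings.append(f"link uses a raw IP address: {url}")
        elif not _host_allowed(host, OWN_DOMAINS | TRUSTED_DOMAINS):
            findings.append(f"link points to an unrecognized domain: {url}")
    # Visible URL text that differs from the real href is a classic phishing tell.
    for href, text in ANCHOR_RE.findall(body):
        shown = URL_RE.search(text)
        if shown and urlparse(shown.group()).hostname != urlparse(href).hostname:
            findings.append(f"displayed link {shown.group()} does not match target {href}")
    return findings

# Constructed sample draft; the third line deliberately hides a raw-IP target.
SAMPLE_DRAFT = """\
From: Example Bank Security <security@example-bank.com>
Subject: Action required: reset your password

Please reset your password at https://account.example-bank.com/reset
Enroll in free monitoring: https://monitoring-partner.example/enroll
Questions? See <a href="http://203.0.113.7/help">https://example-bank.com/help</a>
"""

if __name__ == "__main__":
    for finding in check_notification(SAMPLE_DRAFT):
        print(finding)
```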
Deena Coffman is CEO of IDT911 Consulting.