Crisis Alert: How to Respond to a Data Breach
Don’t get caught in the darkest timeline. The number of data breaches and cyber attacks is increasing. Javelin Strategy & Research says fraud losses from existing bank accounts and credit card accounts were up 45 percent last year to $16 billion. Welcome to the new world of work — with new and advanced threats.
The good news is that companies are realizing that how they react to a breach can be just as important as the technology infrastructure they use to defend themselves against attackers.
“Customers will always judge a business by the swift action it takes, rather than what got you into trouble in the first place,” said Jason Maloni, SVP at communications firm Levick, as quoted in the Wall Street Journal.
So if you’ve been breached, and don’t know how much of your customers’ personal information has been stolen, what do you do? Let’s break it down into steps.
Establish a data breach response team
Even though the technical pieces are typically handled by IT security, your overall response to a data breach requires a team of multiple people from various departments. Depending on the size and complexity, it should at least include the manager of the program experiencing the breach, the CIO, chief privacy officer, general counsel, someone from your crisis communications team, and an executive from finance or procurement.
Prep your employees on roles and responsibilities
It’s important to make sure employees are well versed in your data breach response plan. As your plan is tested and refined, make it a point to spell out everyone’s roles and responsibilities. And make sure everyone assigned a role knows how information flows (or needs to flow) between departments during a crisis, and how decisions are made within the organization. Timeliness is critical when responding to a data breach, and not being able to find the right people for an important decision can be costly.
Assess the extent of the breach and its impact
The assessment step is where you gauge the extent of the risk and how stakeholders might be harmed. Once that’s established, businesses can decide whether customers should be notified. Since your responses will often be highly visible, even public, make sure company officials are thoroughly briefed on how to articulate the breadth of the situation. The more details you can provide the media or customers, the better off you’ll be if the situation escalates. If you’re found to be hiding important information from your customers, the PR hit could be devastating for your organization. Be open and upfront.
Have a clear process for reporting data breaches and know which agencies to notify
If you haven’t already, you should establish procedures for quickly reporting a suspected or confirmed breach. As mentioned in the second step, knowing where to go for information during a breach is critical. A well-crafted response plan lays out which resources are best suited to respond to a particular request for information or action. Once things inside the organization are perfected, response times to external organizations and agencies will improve.
Analyze responses and identify lessons learned
Businesses should always review and measure their responses to a data breach, even the most basic actions that were taken. By identifying the lessons learned, companies can build that expertise into their compliance and governance models that deal with security and privacy. And keep testing and refining your response plan — you don’t want a major incident to be the plan’s first test.
And that’s where we can help. Learn more at www.stratixsystems.com or call us toll-free 1-800-444-2943.
This post originally appeared on WorkIntelligent.ly, authored by Ricoh USA’s George Dearing.