Handling a Data Breach
We have all become familiar with news of cyber attacks in the media: ransomware attacking NHS computers, Debenhams having the details of 26,000 of its customers stolen. We hear of employees misusing their positions for illegal scams such as insider trading. It seems almost every day there is a new story of carefully orchestrated and manipulative schemes to steal money, corporate secrets and private data.
We tend to hear of outages which affect large corporations and millions of their customers, but hacks are also targeted at small and medium companies. New legislation to combat cybercrime in the UK, EU and the USA will make companies responsible for safeguarding the information they hold, and breaches of security can be punished with public disclosure and heavy fines. This is much as Health and Safety regulations hold companies responsible for the safety of their employees, even when the employee is in breach of safety rules. Companies are, and will be, responsible for the security of their electronic equipment, and failing in that responsibility will be damaging.
Horrendous UK government statistics released in April 2017 show that in the previous 12 months 46% of all UK companies suffered some form of data breach or cyber attack; more than half of which led to losses of resource or finance together with the loss of reputation and customer confidence.
You can dive into more statistics here: https://goo.gl/KDGL5o
With the alarmingly increasing rate of indiscriminate trojans circulating on the internet, as well as the ease with which carefully crafted malicious emails are sent to thousands of recipients, it is essential to have processes in place, following best practice guidelines, to respond to a potential data breach. These processes complement the physical and digital preventative measures that repel an attack at the first indication of a threat.
Preparation is key to handling a data breach. No business can predict when, where or how an attack or data breach may occur, but ensuring that the right preventative measures are in place will show your customers you are prepared and in control.
An effective breach response plan
The repercussions of a data breach or cyber attack can have a big impact on any business. An effective data breach response plan not only informs staff how to handle an incident, but also covers the physical loss of devices and human error, and guides the management of the network to keep your business running. Your response plan must equip you to meet legislative requirements to protect data privacy, including the forthcoming EU General Data Protection Regulation (GDPR) that comes into force on 25th May 2018.
Before any response plan can be developed and introduced, understanding the business's exposure is crucial. Carrying out a risk assessment will identify the data assets that require protection, and creating a data breach response team with members from each department will ensure that responsibility and the processes to handle a situation are both understood and effective.
A breach response plan needs to include the following 6 steps:
1. Identify the breach - This is usually the most crucial step, defining what level of exposure the business is facing and which processes to follow. Different forms of indication should be available, such as an employee phoning to say they left their laptop on a train, automated alerts of unknown data traffic going through the firewall, or a computer on the internal network attempting to access data files without (or even with!) the correct access privileges.
2. Investigate and contain the breach - Determine if the breach was internal or external; isolate the device, firewall, user accounts or the entire server if necessary; and restore security to corporate data, personal information and applications.
3. Impact assessment - Once a data breach has been contained, assess the risks caused by the breach not only to the business but also to your employees, partners, investors and, most importantly, your customers.
4. Recovering from the breach - Work to repair the applications, systems and data so that your business can continue to trade and operate. Prioritise what is important now for operation over what is important later.
5. Notification to regulatory authority and affected individuals - Implement the business's communication strategy, using clear notification templates that promote transparency and ownership of the incident. Issue a press release that apologises to those affected by the breach, accepts responsibility and affirms what actions have been taken, and continue providing updates as you implement solutions to prevent further breaches. The breach response plan should also include an FAQ guide for staff dealing with queries from affected individuals, as well as the notification process for any appropriate regulatory bodies.
6. Assess and improve - Following a data breach, assess and evaluate the breach response plan, and identify where improvements can be made to better prepare for the future.
To help the incident response team act efficiently should a data breach occur, the breach response plan should also include checklists and templates, as well as explaining the business processes clearly. Continuously testing the plan and revising it for any changes to staff, the business or its technology will go a long way towards handling an incident effectively.
Any form of data protection will lead to inconvenience and possibly extra work for your staff. It is important for them to understand that procedures are not only for the good of the company but also for their own protection: a serious breach with financial involvement could lead to criminal investigations involving them. Procedures are there for their protection as well as for safeguarding the company.