Managing a Data Breach: Seven Steps to Guide You in Breach Preparedness

Assemble an Internal Incident Response Team

The foundation of any breach preparedness plan is a well-prepared incident response team. It is important to have a team that is well-versed in privacy and security matters and that can take the lead in handling the incident response should you experience a breach. Companies that suffer a breach without having put an incident response team in place often waste valuable time trying to get organized and to assign and define responsibilities, thereby stalling the breach remediation process.

Reevaluate Existing Privacy and Security Systems and Procedures

The most effective incident response plans use existing privacy policies and procedures as a framework. Developing your incident response plan in this way gives you an opportunity to review those policies and get a clearer picture of the preventative measures already in place, and it also helps to avoid duplication of effort. For example, if your company has a privacy incident documentation protocol, it probably isn’t necessary to develop a new protocol for breach incidents as a part of the incident response plan. Instead, it is more productive to expand the documentation protocol to include breaches.

Establish Relationships with Law Enforcement, Regulators and Breach Response Service Providers

Establishing these relationships is an important part of your breach preparedness and helps to avoid the de facto practice of selecting a vendor in the midst of the breach crisis. For example, speaking with breach response service providers yields very concrete benefits. The cost savings that result from the opportunity to negotiate for lower prices without the time pressure of a live breach are perhaps the most obvious benefit. Beyond cost savings, establishing relationships and contracting with breach response service providers before a breach gives your organization major advantages in the response planning process that can help make your incident response plan most effective.

Crisis Simulation

The jury may still be out on whether practice makes perfect, but it does (probably) make you better prepared. Now that you have assembled both your internal and external breach response teams, it’s time for a dry run. It is important to know how your organization would fare during a breach crisis and to identify any gaps. There are several ways to approach breach crisis simulations, but doing a tabletop exercise as well as a “live” simulation is recommended. That said, work with your service providers to develop a simulation exercise that is inclusive of all incident response team members, internal and external.

Supplemental Employee Training

As part of your organization’s privacy program, you’ve probably already trained your employees on privacy fundamentals like data collection, retention, use and disclosure. But you may not have provided training on basic breach response procedures like whom to call, the first point of contact and what constitutes a breach. Lack of training can lead to innocent missteps in the early stages of breach response that can have major repercussions later. As a result, it is a good practice to train all personnel and third-party contractors on basic breach response protocol.

Litigation and Regulatory Investigation Preparedness

After the discovery of a breach, regulatory investigations and class-action lawsuits are almost certain to follow. Defense preparation for these increasingly inevitable legal actions can begin well before a breach has occurred, and this preparation doesn’t require the assistance of legal counsel.

Documentation is key. Keep impeccable records of all the actions your organization has taken to prepare for and protect against a data breach, such as creating an incident response plan and training employees. Consider developing a documentation protocol to ensure that all of your preventative actions are captured.

Your Incident Response Plan and Preventative Measures

Breach response costs are not likely to be a line item on the budget sheets of most organizations. Accounted for or not, most companies will eventually experience a breach and incur the costs associated with its remediation. It is prudent to account for such expenses in your financial planning in some manner. One way of predictably incorporating these costs into your organization’s budget is to purchase cyber-liability insurance.

Regardless of how your company chooses to account for these costs, it is imperative that they not be overlooked. Identifying funding for action items in your incident response plan is also crucial, and it can ultimately determine the effectiveness of your plan. The best incident response can be rendered ineffective without the appropriate funding.