Most small to mid-sized business don’t consider themselves to be a data breach target and therefore never develop an incident response plan. Having to respond to a data breach in real time without a plan can be challenging at best. Some would call it a nightmare.
Your obligations and approach can vary widely depending on your business and the type of information you maintain. Has data been destroyed or deleted, have passwords and accounts been compromised, have financial accounts been accessed and funds diverted, or has a database containing credit card or other sensitive information been inappropriately accessed? How do you know? A plan helps you to sort out the questions and set a direction to meet your business obligations and move systematically towards recovery.
How did you become aware? Did an external source notify you such as your bank or law enforcement? Do you believe that the incident was triggered by an internal or external event, was it intentional? Often errors by internal staff can create an exposure of sensitive information that is then utilized by an outside source or it can be a calculated collaborative effort between the two. An external hack may be the result of a targeted effort or weakness that is exploited through non-solicited emails, or a web or application interface. Regardless of what has happened and how it happened still requires action.
So what are the steps to recovery and whom do you notify? A general approach might be as follows:
Build A Team: Form a team that will be tasked with specific events addressing legal, information security, management, public relations and other concerns.
Discuss Events and Develop Approach: Identifying timelines and events leading up to the incident can be key in establishing a direction and approach for remediating and investigating the breach.
Discuss Legal and Public Relations Requirements: Understanding your business obligations is critical as this will determine what steps you must take to address any legal or regulatory concerns. Effective public relations will help preserve your business name.
Engage Appropriate Resources: This may include your financial institution, law enforcement, incident response resources, legal counsel, among others.
Commence Data Collection and Analysis: Collection of computer data, log records and other digital forensic evidence is key to any investigation. Professionals are required to ensure proper protocol and preservation of evidence. Many untrained computer personnel destroy evidence or miss the breach source so the compromise continues.
Address Legal and Regulatory Requirements: Based on your analysis you may be legally obligated to notify regulatory bodies and affected entities. Timely response is of great importance. Your business partners may need to be engaged.
Notify Affected Parties: Those affected by the breach may need to be notified by law and the protocol may vary state to state. This includes individuals that may have had credit card information, or personal and private information exposed. Others such as business partners may need to know to ensure that they too are not affected.
Assuming that law enforcement will investigate is highly unlikely. Unless your compromise a matter of national concern or has a multi million-dollar impact or you can pinpoint insiders there is little aw enforcement will do. You will need to manage the investigation largely on your own.
Maintaining a robust information security program will greatly reduce the likelihood and severity of a data breach. Having an incident response plan will provide the roadmap to address a data breach in a timely and concise manner protecting both your business and its reputation.
Please contact Network Management Solutions for more information. We can be reached at 908-232-0100 or firstname.lastname@example.org. Our website can be reached at www.nmscorp.com.