June 22, 2015

5 Ways to Improve Your Data Breach Response Plan

A significant 48% of respondents in a recent SANS study experienced up to 25 critical incidents involving a data breach, unauthorised access, denial of service, or malware infection over the past two years.

No wonder security industry experts are encouraging all organisations to really think about their data breach response plan and what it does – and doesn’t do.

An incident response (IR) plan should “manage a cybersecurity event or incident in a way that limits damages, increases the confidence of external stakeholders, and reduces recovery time and costs”, according to this online article.

But the plan needs to be thought out and supported by an adequate budget and team – and that’s not always the case. For example, the SANS survey revealed that 30% of respondents don’t have any of their security budget allocated for IR. Another 39% don’t know whether they have any budget for IR or how much it is.

5 incident response best practices recommended by security industry experts:

Dedicated IR Leadership

Appointing a dedicated IR team with a Chief Information Security Officer (CISO) in charge will help the organisation respond quickly to a breach – and reduce the cost per lost or stolen record, according to an information security blog. The IR team should create a comprehensive IR policy that defines incident types and provides steps, timelines and checklists for what needs to be done in case of an incident. The policy should be kept up-to-date and be coordinated with key response departments including corporate communications, regulatory affairs, legal, etc.

The company knows what the hacker wants

Use regular security risk assessments and other means to identify the threat landscape and areas that are vulnerable to a breach in the organisation. Then, experts recommend planning only for incidents of concern to your business. The IR plan should prioritise incidents that need to be addressed first or at all, according to this article.

Timely detection is a priority        

“On the internet, a service outage of more than one hour is considered significant,” says an online article by security services company veracode.com. The SANS research recommends that compromises are detected as early as possible in the attack lifecycle. Invest in containment and other technology that improves response times.

Everyone always knows what to do

Provide on-going training for employees who manage information technology assets. What’s most important is that everyone understands what they have to do to respond to a data breach quickly and correctly. Customer service personnel especially need training on how to respond to questions about a data breach incident. Also, to stop the loss of customers following a breach, companies are encouraged to provide free identity theft protection and credit monitoring services.

Information security is a workplace given

A culture of security from the top down helps remind everyone of the company’s commitment to security. For example, integrate information security policies such as secure document destruction and a Shred All Policy into the workplace. All documents that are no longer needed should be deposited into locked containers for secure shredding. E-media and hard drive destruction should also be provided by your shredding services partner.