October 31, 2016

What to Do After a Security Breach

“Whether you’re an international conglomerate or a small business,” said Experian vice-president Michael Bruemmer in a recent blog post, “how you handle a data breach speaks volumes about the kind of company you are, how well you treat customers, and your long-term prognosis for business success or failure.”

The cost of a data breach can be enormous and long-lasting: brand damage and customer loss, plus direct financial expenses such as legal and other third-party fees and non-compliance fines.

A recent IBM-sponsored study showed that the total average cost of a data breach is now £2.53 million; the average cost per lost record is £102.

In 2015, there was a 64% increase in security breaches, according to a learnbig.com post. The post also reported that only 25% of organisations are prepared to defend against and react to a cybercrime.

Important steps to take following a security breach

Alert the team: As part of a comprehensive information security policy, there should be a response team and a data breach response plan in place. The team should include employees and, where necessary, third parties from information technology, senior management, legal counsel, public relations, and customer relations; everyone should know exactly what needs to be done. Research showed that having an incident response team in place lowered the cost per stolen record by £12.10.

Contain the breach: Identify the source of the breach – and stop it or contain it. Where did the breach occur, what is its scope, what information was breached, and who will be affected? Often a breach is caused by a cyber attack, but it may also result from a negligent employee, a stolen hard drive, or exposed hard-copy paper documents. What matters most is stopping the leakage.

Communication: Communicating the breach to affected parties must be handled carefully. There should be drafted statements at the ready to let employees, customers and others know what happened, what steps you are taking to address the security breach, and what you’re doing for those affected. Apologise but don’t over-react. According to the Experian blog: “Doing or saying too much before you have all the facts can be just as damaging as doing nothing.”

Legal notification: At the same time, know data protection laws and breach notification requirements in your country and industry – and act accordingly.

Ongoing support: Set up call centre support for anyone affected by the breach. Offer assistance such as free credit monitoring and/or identity theft protection.

Aftermath: It’s often said that the weakest link in a company’s security chain is its employees. Teach employees how to prevent similar incidents in the future. Employee training can lower the cost per stolen record by £6.30, according to the IBM-sponsored study. Going forward, also use multi-layered protection: patching, access management, password management, and multi-factor authentication. There should be physical safeguards too, such as scheduled information destruction provided by a reliable document destruction company.

Improving information security practices has to be an ongoing process in every organisation. Download this report to stay up to date with the most recent data security trends and challenges.