Data breaches are never pleasant. This is something businesses that have experienced a data breach can attest to. However, data breaches are nothing new. Cybercriminals who are looking to benefit from selling privileged-access data know this makes for a lucrative opportunity.
Nowadays, it is no longer a question of whether a data breach or PDPA breach will occur. Rather, it has become a question of when. This in turn raises the question of how you should respond to and contain a breach. Do you have a plan in place in the event that a data or PDPA breach occurs?
How to Develop a Data Breach Response
When creating your data breach response, keep in mind the following:
Step 01: Review the potential vulnerabilities and risks in your business data
Prior to creating a data breach response plan, you need to first identify the potential risks and vulnerabilities that are threatening your data. You also need to take into account how each risk and vulnerability can impact your operations and organisation when a data breach occurs.
- Account for malicious and incompetent employees/staff
- Be prepared for catastrophic loss of data
- Prepare for a service disruption
- Assess the risk of having sensitive data reach the wrong hands
- Ensure you are prepared to manage loss of reputation
Step 02: Establish a response team
Once you have identified the data breach, your trained response team should quickly work to assess and contain the breach. The team should include the following roles:
- Team leader – This person will lead the response team and will be granted any access required to contain the breach.
- Management – Someone in the management team should be updated on the progress while the data breach is secured.
- Technicians – Computer forensic experts can help determine the root cause of the breach and resolve outstanding vulnerabilities.
- Human Resources – When employees are involved in the breach, human resources should help with the investigation.
- Legal – Since data breaches can lead to legal liabilities, a robust legal team should help ensure compliance with local regulations.
- Business Partners – Data breaches may affect or involve business partners so maintaining transparency and communication with them is vital.
- Investor Relations – Maintaining a truthful and clear relationship with investors can help ensure the financial stability of the organisation.
Step 03: Ensure you implement the needed services, policies, and tools
To adequately prepare for a data breach, tools, events, and policies should be in place. Having them in place is crucial so you can detect and contain a breach while keeping the overall exposure minimal.
Step 04: Determine workflows for identification, containment, and eradication
- Identification – The root cause of the breach can be identified using forensic computing techniques and breach monitoring services.
- Containment – Once the root cause has been identified, affected systems can be contained to ensure the breach does not spread.
- Eradication – Once the breach has been contained, the root cause of the breach needs to be addressed.
Step 05: Review the execution of the data breach response plan
Once the data breach has been resolved, the data breach plan should be evaluated in order to fill in any gaps discovered while mitigating the breach. Start by answering the following questions:
- Was risk management implemented accordingly? If not, what can be improved?
- Was the legal team able to give a professional representation of the organisation?
- Were investor relations handled accordingly?
- How fast did the data security and computer forensic teams identify and contain the breach?
- Did the response team leader perform his tasks as expected?
- Was the required access provided by management?
- Were partners given the information they needed in a timely manner?