Data breaches can wreak havoc on your organization. According to IBM, the average cost of a data breach in the United States is $9.44M. On top of that, organizations may also be subjected to damaged reputation and fines and legal implications from data and privacy regulations, such as the California Consumer Privacy Act (CCPA).
The best way to mitigate a data breach is to maintain an effective security posture, with compliant infrastructure, policy-based security, remote monitoring, and a comprehensive data backup and disaster recovery plan. However, no company is completely safe.
The following is an IT Professional’s guide to helping your enterprise recover from a data breach.
As soon as you discover that your network has been breached or your company has been a victim of a cyber-attack you should determine how the attack occurred and if the treatment is still active or if it has ended.
Was the attack initiated through the internet? Did someone gain access to a database with an inadequate password or no password at all? Did an employee open an email attachment causing malware to spread across the company? Taking a calm, methodical approach to uncovering how the threat was implemented will help reduce fears among employees and ensure that business can continue while the threat is being contained and the steps are put in place to eliminate it.
As soon as the threat has been identified and controlled, evaluate the amount and scope of the damage. This will help you gauge the next steps which should be put in place and the key personnel you will need to assemble to mitigate additional risks to your business. Here is a sampling of some of the answers you should uncover:
Before any breach takes place, you should have already selected a diverse group of staff members who will be your go-to team in the event of a data breach. They should be able to take control of the incident from every angle and be responsible for all aspects of the remediation plan.
When an attack has been discovered, the team should be informed and assembled immediately in a conference room or via a video conferencing tool to learn the details of the threat and execute on their individual pieces of the plan. This group might include the CIO, VP of Sales, Director of Customer Care, the CMO and anyone else you feel is appropriate.
They will work with each of their teams and across departments to reduce the impact on the company and customers. They will also be responsible for communicating updates internally and externally on how the remediation process is going and providing information on how a similar breach will be prevented in the future.
Implementation of an Incident Response Strategy is Critical
Your communication plan should include formal communications to employees, customers, the media, and, if applicable, to vendors/partners, regulators or law enforcement, and your insurance company In this section, we’ll focus on a few of these key components.
You will have a number of technical and non-technical personnel working on the aftermath of this attack, assessing the situation and uncovering what has happened. Assumptions, rumors and inaccurate information can spread like wildfire across the company.
Your internal employee communications plan may be directed by your company’s CEO or CMO and should strive to put employees at ease by keeping them up to date on:
It is also important to inform your employees that they may receive calls or emails from customers asking about the situation. Educate your employees on what they can say and what they should not say. You may want to provide your team with a brief statement that they can use and direct any additional questions to a more senior member of the staff such as the CEO, CMO, Vice President of Sales, etc.
In addition, reporters, bloggers, and journalists often bypass the media wall which companies put up as soon as an attack has taken place and reach out to inexperienced salespeople or technical support representatives who unwittingly answer reporters’ questions. They then find their comments spread across the internet.
Be sure to inform all employees that if they receive a phone call or email from any member of the media, they should immediately turn that request for information over to the CMO, PR agency or other assigned spokesperson. This key contact will provide a company approved answer which is appropriate for public distribution.
It is critical to implement an incident response strategy that will address how you will communicate with your customers. You will absolutely need to reach out to them if you discover that their personal information has been compromised.
But, what responsibility do you have to keep them informed even if their sensitive data has not been affected? As soon as word gets out that your company has been impacted by an attack, customers will call, asking for the details and wondering if their information is included. Will your company get out ahead of those calls, pro-actively letting them know what has occurred and that no sensitive information has been threatened? Other questions to consider are:
As we mentioned above, any hint that your company has suffered an attack will prompt members of the press to inquire about what has happened. You should be prepared for this and be ready with a vetted and approved answer which can be provided to them by your company’s spokesperson.
Reporters know that they will most likely receive a “canned” statement so they may attempt to receive additional information by reaching out to other departments who are not experienced at speaking to the media. As previously stated, be sure to inform your employees that they should turn all press questions over to your spokesperson who has been approved to speak on your company’s behalf.
In the case of a fire or natural disaster, we often wonder how first responders remain so calm and focused and can take control of the situation. Their answer is always, “We prepare for it. We train over and over again so that when an incident does happen, our training takes over and we immediately spring into action.”
Although a data breach does not have the same life or death implications, your company should train regularly to spot potential threats to critical infrastructure, react appropriately to it, and execute your plan to eliminate it. This could include:
All companies, whether small businesses or large enterprises are at risk for a data breach or cyber-attack. It is critical to remember that is it not just the responsibility of your IT department to implement preventative measures and remediation procedures. It is a company-wide responsibility with everyone doing their part.
For businesses seeking to improve their business continuity and disaster recovery plans, colocation facilities can be critical to enhancing these strategies. With colocation, you’ll have access to facilities that are compliant by design and managed and secured by experts.
Depending on your size and requirements, colocation providers can become your company's primary data center or provide a secondary site as an off-site disaster recovery facility. As a secure disaster recovery resource, colocation enables you to perform efficient backups to data center assets housed in these facilities for added redundancy.
At Evocative, we provide a full suite of best-of-breed colocation, cloud, bare metal, network, security, and managed services to help you accelerate your digital success while keeping your data safe. Learn more and contact us today.