What to Do After a Security Breach


Preparation and Practice Make Perfect

Just as companies have fire drills, they should practice what they will do when a breach occurs. Recognize that prevention is not enough, and practice your strategy before a breach happens.

Don’t Panic

A data breach is not a disaster, but mishandling one is. When the breach is discovered, calmly execute your plan, but recognize that breaches are a frightening experience.

Move Quickly But Stay Patient

Wait for forensic results and law enforcement before you announce a breach. Why? It may be a false alarm.

Don’t Go It Alone

Every breach is complicated and unique, so you will need different tools and external expertise for each one. Knowing who to call and what to do makes a big difference. You might need any or all of the following: forensic expert, lawyer, call center, mailing list vendor, credit monitoring service and crisis communication.

Assemble the Right Team

Data breaches affect all aspects of your organization. IT should not work on them in isolation. So besides mobilizing your legal department, you’ll need finance to quickly write checks for vendors, marketing communications to talk about the breach, and human resources to communicate with employees and brief the board and executives.

Get Legal Advice

Hire only forensically licensed investigators; otherwise, evidence that may be important to a criminal investigation could be inadvertently destroyed. Maintain attorney-client privilege because everything you discover could be the subject of a lawsuit or investigation. Your counsel must be an expert in data breaches.

Someone Needs to Talk

Crisis communication and management are important so that you determine the message about the breach and don’t lose control of the situation. You will need to send a letter to customers, regulators and perhaps shareholders. U.S. states have different requirements for the content, so you must get your message right.

Identify Lessons Learned

The experience of a data breach can improve future outcomes. Although data breaches are inevitable, you can learn from them and use those lessons to improve your operations.

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.
