Threat Tuesday: Have a Data Breach Response Plan

Blake CormierUncategorized

A serious data breach can be a worst-case scenario for a business. They often catch businesses off-guard, leading to extended downtime, loss of revenue, and in some cases the complete failure of the company. If some of your company’s sensitive data were to be exposed, what would you do? Spending the time now to develop a plan can save you precious hours if a breach occurs, and can help you to recover and get back on your feet more quickly.

Determine the extent of the exposure

Not all data breaches are created equal. We’re a few records left on a misplaced hard drive? Or is there evidence of a large-scale hack along with criminal activity? Quickly identifying the scope and source of the breach will help you to take the appropriate action.

Call in the experts

If you use an IT contractor or managed services provider, get in touch with them ASAP. For severe breaches, you may need the help of a computer forensics firm as well as law enforcement. These experts will help you to contain the breach and get back up and running quickly. Determine in advance who you will contact in the event of a breach, and keep their contact information close at hand.

Determine who to notify

After you’ve determined what information has been leaked, you’ll need to notify those who were affected. This could include individual customers, as well as vendors and other businesses. Additionally, data protection regulations such as HIPAA or PCI-DSS may require you to notify those affected in a certain way or within a set timeframe. Be prepared ahead of time to follow these regulations.

Investigate and take lessons learned

Once the root cause is identified, take the time to determine what failures led up to the issue. Was it poor patch management? A user training issue? Address those vulnerabilities, and make sure that any failures in your systems and processes are handled to protect against future problems.

Of course, having a data breach response plan doesn’t mean you won’t do all you can to prevent an exposure from happening in the first place. Taking the time now to improve your cybersecurity posture can keep you from having to put your plan into action. This includes partnering with security-focused companies like CyberCrunch. Our state-of-the-art data destruction and recycling services will keep your data from falling into the wrong hands. Contact us for a free consultation today.