How should your company respond to a security breach?

How should your company respond to a security breach?


Facebook was in trouble back in September 2018, when hackers took advantage of an exploit in one of their social media features. This led to over two billion user accounts being compromised, including personal information like usernames, gender, email addresses, location check-ins, and relationship statuses.

Perceptics, a security contractor for the US Customs and Border Protection, was hacked in May 2019. Cybercriminals gained unauthorized access to their database and stole information on thousands of people and their vehicle license plates.

Clearly, losses from data breaches can be disastrous. According to the 2019 Cost of a Data Breach Report by the Ponemon Institute, it takes an average of 314 days for a company to identify and contain a security breach, and 279 days for a business to recover from one.

How does a security breach impact your business?

Security breaches will do serious damage to your brand and its reputation, as your customers, suppliers, and even employees may lose their loyalty and trust and take their business elsewhere. Aside from the expenses, you'll have to cover due to a breach, expect fewer sales, lost productivity, and potential liabilities or lawsuits following a major security incident.

Protect your company from data breaches with a response plan

A security breach response plan offers steps for you to follow in the event of a breach. Once this stress-reducing and time-saving tool is in place, you'll be able to address the issue faster and avoid missteps during stressful situations.

The following steps will help you create an effective response plan:

  1. Set up an expert response teamPart of your response plan is to form a response team. These are the people responsible for carrying out your campaign during a data breach, and they should be reliable employees who know the ins and outs of your company.

    The size of your response team will depend on how complex your line of work is, the industry you operate in, and the size of your workforce. A typical response team would have at least one representative from HR, IT, Communications, Risk Management, Legal, and Senior Management.

    Some security breaches may be too much for your office to tackle, so it may need help from outside experts like law enforcement personnel, attorneys, and data backup and recovery specialists.

  2. Create action steps for the plan
    Your response plan must include step-by-step instructions for your team members to follow when a security breach occurs. Each member should be given a task that reflects his or her specialization. For example, finding out how the breach occurred should be done by data backup and recovery experts.Once everyone has finished their assignments, your team should be able to analyze the incident, determine what went wrong, minimize the damage, and implement whatever improvements are necessary to avoid similar events in the future.

    Make sure that every one documents all of their activities and findings. This proves that your team followed the instructions outlined in your response plan, and the documentation will provide helpful information during the post-breach analysis.

    Federal or state authorities may also require the documentation if the data breach involved information that is secured by law, including health information and credit card numbers. If your network database holds sensitive data that has been compromised, the law requires you to notify the individuals who are affected by the breach and report the incident to a federal or state agency.

  3. Follow up on the response plan
    After the breach has been contained and your campaign fully implemented, call for a debriefing session with your response team. Ask every team member to go through the steps they took and what they learned during the procedure. Your response team should describe any issues they ran into so the response plan can be tweaked as needed.

Complete Technology can address your concerns about data security. We provide innovative IT services for customers in Kansas City so they can focus on their business, not on IT distractions. Get in touch with us today to schedule your free consultation.

FREE eBook: The SMB's Guide to Cyber SecurityLearn More Here
+ +