What is a Data Breach Response Plan: How Do I Create One?

What is a Data Breach Response Plan: How Do I Create One?

A data breach response plan is a strategy that helps businesses detect and respond to information security violations in a quick and coordinated way. Having a response plan will minimise the financial and reputational damage that comes with a breach incident and ensures compliance with GDPR rules.

If your business is unprepared following a data breach, it will put you under huge pressure. Under GDPR rules, a breach incident must be reported to the Information Commissioner’s Office (ICO) without delay and within a maximum of 72 hours.

Trying to cope with meeting compliance rules and simultaneously managing the fallout of a data breach will stretch your resources and disrupt day-to-day business operations. That’s why we cannot understate the importance of your business having a data breach response plan.

Worryingly, according to a PwC Global Economic Crime and Fraud Survey, just 30% of businesses  worldwide have a data breach response plan in place. Unfortunately, in the event of a breach, no plan often means slow action by which time the long-term damage may have been done.

How to Create a Data Breach Response Plan

To avoid the pitfalls that follow a data breach, here’s how to create a robust, effective response plan:

#1 – Assemble a data breach response team

Assembling a data breach response team ensures an effective and efficient way to mitigate the damage and execute your response plan. Having a team that’s aware of its responsibilities means that your plan can be activated the moment a breach is discovered.

The size of your organisation will determine the structure of your team. It could include the following personnel:

  • Data Protection Officer
  • Data Breach Response Team Coordinator
  • Legal and Compliance Officer
  • Head of IT
  • Human Resources Manager
  • Marketing and PR Executive

Each individual role plays its part in a coordinated response. However, activating the team isn’t always necessary. It’s down to the person responsible for compliance at board level  to decide if a breach is so serious that it needs escalating to the data breach response team based on who has been affected, the potential legal, financial and reputational ramifications and the disruption to the business.

#2 – Get cyber insurance

Data breaches are a daily threat to your business, so having cyber security insurance as part of your data breach response plan gives you coverage if you have to activate your response team. Having the right insurance coverage is crucial to safeguarding your company against significant financial losses.

You can then call on your insurance policy as part of your response plan to protect the wellbeing of your business financially.

#3 – Include a containment process

Having a containment process as part of your plan means that your response team and other personnel know exactly what to do to contain a breach when it’s discovered. This should include:

  • Date and time recording of the breach
  • Alerting and activating your response team – including the date and time of activation
  • Closing down systems affected
  • Gathering documentation

#4 – Include an evaluation process

Every response requires an evaluation process to identify areas for improvement in cyber security. An evaluation should include:

  • An initial investigation into the breach
  • A risk assessment
  • Establishing the priorities following a breach
  • A forensic investigation into the breach – you may need to engage a forensics firm for this

#5 – Include a notification process

Your data breach response plan should include a notification strategy to, where required,  alert the authorities within the 72-hour timeframe and any people that have been affected by the breach. This is where you can utilise your marketing and PR team and seek legal advice to effectively, and honestly, make the necessary people aware of a breach incident.

#6 – Include a prevention plan

Your response plan should have a future prevention plan to improve your data protection measures. A prevention strategy should include:

  • A review of the findings into your investigation
  • An update of your response plan
  • A plan to train staff on updated procedures and responsibilities
  • An audit of your response process

Expect the unexpected

Data breaches can happen unexpectedly and it’s best to be prepared. It’s a cliché, but fail to plan, then you plan to fail. You might think that protecting your IT is sufficient, but with more than 80,000 cyber-attacks occurring per day, you can never be too careful.

The time, cost and resources it takes to develop a plan will be significantly less than experiencing a data breach.

If you would like to create a data breach response plan, get in touch with DPA/OK today.




How to Handle a Data Breach: 6 Steps to Take

How to Handle a Data Breach: 6 Steps to Take

Data breaches come with many consequences for your business, the most severe of which is loss of customer trust and damage to your reputation. Building your reputation takes years, but it can be destroyed in an instant by a data breach. However, there is a right way and a wrong way to handle a data breach…

With data protection heavily regulated, even more so since the introduction of GDPR Laws in May 2018, there’s greater pressure on your business to comply with legislation and protect the personal information of customers. So, what should your business do in the event of a data breach?

Here are 6 steps you should take to handle a data breach the right way and recover:

#1 – Get confirmation of the breach

Before you push the panic button, get confirmation that a breach has occurred. It’s not uncommon for a hacker to send an anonymous email to an unsuspecting staff member claiming that your firewalls have been breached. This is often a ploy to trap companies into giving up data unwittingly.

Check with your in-house IT team or external service provider to determine if a breach has occurred. Diverting resources to deal with a non-existent breach can cause disruption to the day-to-day running of your business. It’s best to be sure so that you know what you are dealing with.

#2 – Contain the breach

If a genuine breach has occurred, contain it. Time is of the essence when trying to stop a breach, and how you contain it depends on the type of attack the business is facing, plus the systems affected. To stop a breach:

  • Isolate any system(s) you know the hacker has accessed to prevent the breach from compromising your entire network
  • Disconnect any breached accounts
  • If a specific department in your business was targeted, shut it down

Once the breach has been isolated and contained, you can then take steps to eliminate the threat and prevent further damage. For example, depending on the type of attack your business has experienced, reformat affected systems and restore them or blacklist the IP address from which the attack originated.

#3 – Check the damage

Once the threat has been extinguished, you will need to assess the damage done by the breach. Understanding how the attack happened enables you to put preventative measures in place to stop a repeat incident.

You will need to ensure that all affected systems are checked for malware, which can remain dormant and spark future attacks.

When assessing the damage, gather information on:

  • The type of attack
  • How the attack was administered (i.e. through user accounts)
  • The data that was targeted
  • Whether the data was encrypted and can be safely restored (i.e. check if the data was backed up)

#4 – Inform people affected

Assessing the data breach will reveal who has been affected. This is where you have to take ownership of the breach. According to nCipher Security, a staggering 61% of businesses worldwide said they would cover up a data breach if it meant they avoided a fine.

This is not advised. You are likely to be found out and would face severe sanctions.

The repercussions are likely to be less severe if you make every effort to ensure any customers, stakeholders, the authorities and anyone else that needs to know, are aware of the breach.

You are required to report a data breach to the Information Commissioner’s Office (ICO) within 72 hours.

You can notify those affected by a breach by email, phone or any other method of communication you would normally use.

Reporting a data breach goes a long way toward maintaining your integrity and rebuilding your reputation long-term.

#5 – Conduct a security audit

Once the necessary initial actions have been taken, you should conduct a security audit to review your company’s current security measures and how they can be improved to prevent future breaches.

In fact, security audits should be a regular part of your operation. This will help you to find gaps in your security systems and improve system infrastructure. You should have a strategy in place to check network and server systems, IP blocks, open ports, rDNS networks and security certificates to ensure that your business is protected against malicious attacks.

#6 – Improve preventative measures

A regular, thorough security audit will expose flaws in your systems, which will help you improve preventative measures to stop attacks. Data breaches are a regular threat to your business and it’s likely that you will be targeted more than once if an attacker is successful the first time round.

It’s important that you’re ready. Having a strategy is the first step towards your recovery.

Create a data breach response plan

Prevention is better than cure, and creating a response plan is the final piece of the jigsaw in effectively handling a data breach. Having a company-wide strategy ensures that your staff can better identify the signs of a data breach and raise the alarm quickly.

Most companies don’t become aware of a breach until it’s too late. Having a data breach response plan in place can help you minimise the damage done, reduce fines, decrease the negative press and enable your business to recover more quickly.

Protecting your reputation

How you respond to a data breach has a huge bearing on your company’s ability to recover. Customers, stakeholders and more share their sensitive information with you, with an expectation that you have the proper security measures in place.

A PwC study carried out in 2017 revealed that 92% of customers expect companies to be proactive about data protection. As your reputation is most likely your best asset, you must be prepared to handle data breach incidents in the right way.

For help with preventing data breaches and complying with GDPR rules, get in touch with DPA/OK today.