The number of high profile data breaches that have hit the media headlines in recent years is certainly a wake-up call to organisations to be more prepared if it happens to them. But it’s not just the high profile ones that are being targeted. It’s all organisations and it’s across all sectors.
A recent study that we carried out with over 300 SMEs in the UK that hold personally identifiable information on behalf of their customers, revealed that almost a third of them do not have a data breach response plan in place. This rose to almost a half of small businesses with up to 50 employees. The reality is that the smaller a business is, the more financially vulnerable it is likely to be to the instant revenue impact following a breach – not to mention the damage to its reputation.
When a breach is discovered swift action and strategic thinking is essential. If you have not prepared and indeed practiced a breach response plan on how your organisation will respond, reassure and recover, the impact can be significant.
The first 24 hours are critical so following these steps will help to reduce the impact:
1. Record the date and time the breach was discovered, as well as the current date and time when response efforts began (eg. when a member of the breach team was alerted).
2. Alert and activate everyone on the response team – including external resources – to begin executing your preparedness.
3. Secure the premises – around the area where the data breach occurred to help preserve evidence.
4. Stop additional data loss. Take affected machines offline, but do not turn them off or start probing in to the computer until your forensics team arrives.
5. Document everything known thus far about the breach, including who discovered it, who reported it, to whom was it reported, who else knows about it, what type of breach occurred, what was stolen, how was it stolen, what systems are affected and what devices are missing.
6. Interview those involved in discovering the breach and anyone else who may know about it. Document your investigation.
7. Review procedures disseminating information about the breach for everyone involved at this early stage.
8. Assess priorities and risks based on what you know about the breach.
9. Bring in your forensics team to begin an in-depth investigation.
10. Consult your legal representation and senior management to clarify if any regulatory agencies should be notified and, if so, notify them.
And from this point the real challenge of recovering begins.