The likelihood of a company facing a data breach is steadily increasing. In Symantec’s 2016 Internet Security Threat Report they found ransomware attacks increased by 35% in 2015. In 2016, we witnessed several massive data breaches, Hilary Clinton’s email leak, the Panama Papers and several large corporation leaks like Yahoo and Target.
Data breach preparedness is at the top of everyone’s minds. In 2016, 86% of companies said they had a data breach preparedness plan. Even though more organizations are giving data preparedness more attention, very few are giving the issue sufficient attention. The Ponemon Institute found that 38% of organizations had no set time period for reviewing or updating their plan and only 27% of organizations felt confident in their ability to minimize the consequences of a breach.
To help you develop your data breach incidence response plan here are 5 tips:
Maintain a flexible Incident Response playbook
A data breach incident response playbook is designed to take the team through a data breach disaster, from one action to the next. The plan needs to be flexible enough to be suitable for most incidents and any unforeseen events. The plan should be tailored to the company and act as a living document, constantly changing to adapt to the company’s evolving functions, technologies and needs.
Review new information risks- and know where to find this information
Data threats are constantly evolving. Keeping tabs on the threats that your organization faces is key to remaining prepared. Checking current threat reports can indicate what the most likely threats for your organization are. Some great resources are:
- Data Privacy Monitor
- Privacy Rights ClearingHouse
- Data Breach Watch
- Search Data Breach results on Statista
- Office of Inadequate Security
Keep tabs on laws & regulations that may affect your plan
Every year government agencies change their regulations concerning data protection and breaches. For example, the government may change laws governing how quickly you must notify impacted parties of a data breach. Ensure you are aware of changes and that your plan reflects these adaptations.
Train your employees
Simply having a plan isn’t enough during a data breach. Ensure your employees have practiced the plan and understand their individual roles.
Identify a forensic service provider in your plan
Once a data breach is discovered many companies are left scrambling to find a forensic firm to investigate the causes and impact of their breach. On average, it takes 43 days from the time of engagement with forensics to complete an investigation. In the BakerHostetler 2016 Data Security Incidence Response Report, they found many of these cases were delayed due to researching the best forensic firm and negotiating services agreements. BakerHostetler, recommends finding a forensic firm ahead of time and developing a relationship with them.
Today’s companies rely on information and maintaining the integrity of that information to conduct business worldwide. Many organizations bear this responsibility as well as ensuring that the very processes on which their critical information passes maintain its confidentiality and availability. In the unpredictability that is cyberspace, having reliable and customizable cloud-based solutions is an excellent way to keep resilient against dynamic threats. Please contact Cloud Carib to discuss how we can assist you in maintaining your no-downtime enterprise.