informa
/
Announcements
Event
HOW DATA BREACHES HAPPEN & WHAT TO DO WHEN THEY HAPPEN TO YOU | June 23 Virtual Event | <Get Your Pass>
PreviousNext
Risk
3 min read
article

Taking Some Of The Sting Out Of Data Breaches

Anyone who has suffered a recent data breach involving regulatory or legislative data knows the investigation can be an excruciating process. The investigation is subject to time constraints as to how long it takes time to prepare and notify affected individuals. Statutes may apply to the company requiring customers to be notified within X number of days. And, of course, breaches never occur when it's convenient for the victim. So what can you do to streamline the investigative process and make
John H. Sawyer
Contributing Writer, Dark Reading
April 24, 2009
Anyone who has suffered a recent data breach involving regulatory or legislative data knows the investigation can be an excruciating process. The investigation is subject to time constraints as to how long it takes time to prepare and notify affected individuals. Statutes may apply to the company requiring customers to be notified within X number of days. And, of course, breaches never occur when it's convenient for the victim. So what can you do to streamline the investigative process and make it less painful?"Five Ways To Survive a Data Breach Investigation," by Bill Brenner, does a good job of covering some of the stages of response that can certainly help organizations get back on their feet. The highlights include designing your response plan to be quick, not touching anything, involving legal counsel, deciding whether the investigation should be loud or silent, and educating employees. Great advice, but I think there is a piece missing -- public relations.

Having a response plan built for speed should include a team made up of not only techies, but at least one person from general counsel and one from the PR group. The PR rep is there to help with the game plan on how to handle releasing the information to the public, writing the notification letters, and setting up scripts for the call center (which may be necessary to handle the inquiries from concerned customers/clients).

I also recommend that the team meet a couple of times a year to review and update the response plan to address changes in corporate policy, legislation, or regulations that impact what must be done if certain types of data are breached (like personal or health info). The response workflow needs to have all parties plugged in to be successful.

Definitely take a look at Bill's article, and see if your incident response plan includes those items and the PR aspect I mentioned above. If not, then you could be in for a world of hurt when it's your turn to be the victim of a breach.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.

More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports
Editors' Choice
How to Turn a Coke Can Into an Eavesdropping Device
Robert Lemos, Contributing Writer, Dark Reading
iPhones Open to Attack Even When Off, Researchers Say
Dark Reading Staff, Dark Reading
Mastering the New CISO Playbook
Chaim Mazal, Senior VP of Technology and CISO, Kandji
What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers
Tara Seals, Managing Editor, News, Dark Reading
Webinars
More Webinars
White Papers
More White Papers
Events
More Events
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports