How to respond to a data breach: Best practices

By Surendra Singh, Country Director, India and SAARC, Forcepoint

“The greatest glory in living lies not in never falling, but in rising every time we fall”

The famous revolutionary, political leader, and philanthropist Nelson Mandela’s words resonate strongly with technology firms that have embarked on their digital transformation journeys. While corporates across geographies were keen to jump on the cloud migration bandwagon, they now stand at a cusp where new challenges threaten their success and security. This migration from archaic data centres to cloud infrastructure enabled enterprises to host their data on the cloud for improved agility and competitive advantage. However, with data moving to cloud infrastructure, it has now become a target for hackers. But does a data breach truly imply the end of a firm?

Corporates do not necessarily need to shut shop when data breaches occur. If addressed correctly, such security roadblocks can be leveraged to help the firm emerge stronger. Armed with a data breach response plan, firms have a better chance of mitigating the losses incurred during the breach. Globally, companies such as British Airways, SingHealth, Cathay Pacific, Uber and Marriott have bounced back after serious security breaches and regulatory fines. Therefore, a strategic data breach response plan is required to emerge stronger from such inflection points.

By following these best practices for a data breach response plan, companies will be able to retain business and customers, and shift brand perception in the market.

Data Breach Response Plan
It is critical to deliver timely responses in case of data breaches, which requires a streamlined response plan. To maintain a data breach response plan, firms need to identify key organizational players who should be on the incident response team. Typically, this comprises personnel from the Human Resources, Legal, Governance, Business Continuity, Information Technology, Security, and Communication teams. Additional partners such as law firms, Public Relations firms, and security teams should be included in the response team in order to execute the plan. Gathering the stakeholders and documenting a response plan with detailed action items and owners ensures a defined path for the initial steps.

On Time and Transparent
In the event of a data breach, it helps to have a 24-48 hour response plan, especially in case of a personal data breach or compromised user credentials. Enterprises must ensure rapid communication and response to data breaches, since large data breaches do not remain secret for very long. Firms should strive to communicate the nuances and next steps of the breach both internally to employees and to external stakeholders like investors, clients and partners. Furthermore, working with any applicable regulatory body helps corporates adhere to legal requirements and regulations while implementing the response plan. For instance, a GDPR incident response plan would ensure disclosure to the proper authority within 72 hours of discovering the occurrence of a breach (Article 33). Failure to do so could subject your organization to hefty fines.

Construct a Communication Strategy
It is a challenge to understand the overall impact of a breach only through initial assessments. Therefore, it is important to prepare for worst-case scenarios and initiate outreach accordingly. Maintaining email templates and company statements that can be transmitted across digital channels (social media, email, website, response/KB articles with details, blogs), along with press releases and customer portals, is imperative. To keep this strategy in place, firms must actively engage with credit reporting companies, financial companies, and theft protection services, along with PR and the news media.

Identify Root Cause Beyond Technical Aspects
While ascertaining the technical aspects of the breach is critical, understanding how people interact with these tools is paramount to understanding breaches. Any firm’s upkeep, maintenance/patching, best practices in architecture, audit/reporting, data model flow mapping, and identity/credentials and access management involve people and business processes. To meet the evolving security challenges, firms have to focus on the human element involved.

Strengthen Your Posture
Fortifying the data protection strategy is crucial with or without data breach instances. While immediacy in response is critical during a breach, it is more important to develop a robust security posture and assess risk exposure over time to ensure overall data and IP protection. This requires long-term investments on the part of the company. Minneapolis-based Target Corporation, one of the largest retailers, serving guests at more than 1,800 stores globally, didn’t just eliminate the login credential exposure and focus on wireless network strategy within the stores; it rolled out EMV-compliant POS terminals and re-issued RED cards with Chip-and-PIN over an extended time frame.

Securing a firm from data breaches is like navigating a minefield: there exist numerous intangible challenges that can throw one off guard. But armed with the right tools, one can successfully navigate through the hurdles unharmed. Creating a 360-degree response plan takes time, planning, long-term strategy and the right team to create the winning legacy.

Wherever you are in your journey as an enterprise, whether you are racing to the cloud or focusing on safeguarding critical IP in a new service or offering, invest in new innovation around data protection to drive the overall security approach.

Comments (2)
  • zoli

    Thank you for the information and thank you for sharing. Thanks a lot for the nice topic.

  • Mirketa

    Nice article, thanks for sharing