Cyber attacks and data breaches are clearly huge risks for organisations. It’s important to do everything possible to prevent incidents, but it’s just as important to have a plan in case disaster strikes.
What this plan consists of will vary from business to business, but it should always contain these four essential steps:
1. Contain the breach
Once an organisation notices that it has been breached, it needs to identify how the incident happened. This will allow the organisation’s security staff to take any appropriate action to prevent any further damage.
In many cases, this will mean disconnecting the organisation’s systems from the Internet, but doing this isn’t always appropriate. If the breach was caused by a database that wasn’t password protected or an insider losing a removable disk, etc., disconnecting your systems will unnecessarily halt business and probably cause panic among your staff.
2. Assess the risks
Once the threat has been contained, organisations should take some time to assess the extent of the damage and consider how to proceed. They should find out:
- What type of data is involved;
- How sensitive the data is;
- Approximately how many people’s data is affected;
- Who is affected (customers, staff, suppliers, etc.);
- Whether the information contains financial information or other high-risk data;
- Whether the stolen data is encrypted; and
- Whether the organisation backed up the data.
3. Notify regulators and those affected
Depending on the answers to those questions, organisations will have to notify regulators or the affected individuals. Notification requirements will differ depending on your country and industry, so it’s important to have this information to hand.
It’s worth noting that the EU General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018, unifies notification requirements for any breach that involves EU residents’ personal data.
4. Prepare for the future
After an organisation has responded to the incident, it should take appropriate actions to prevent future breaches. It should use the information it gathered responding to the incident as the starting point to investigate further, identifying how its cyber security measures can be improved.
This might include investing in better security technology, updating its policies or making its staff more aware of their cyber security responsibilities.
This last point is crucial, because an organisation’s employees are often its biggest vulnerability. Staff awareness training courses don’t take long and can vastly improve employees’ understanding of information security risks and compliance requirements.
Invest in staff awareness training
If you’re considering investing in staff awareness training, you should take a look at our Information Security Staff Awareness E-Learning Course.
This course goes into more detail on how organisations should respond to data breaches, and also covers:
- Antivirus software;
- Inadequate passwords;
- Backups; and
- Physical and digital information security.