How to Create Incident Response Plan Steps for Data Breaches

by Veriato | Nov 30, 2018

How to create a data breach incident response plan

An estimated 34 percent of companies have experienced data breaches in the last 12 months. With those odds, every organization should be prioritizing cyber security and cyber attack management. Take the time now to put together a data breach incident response plan utilizing these steps, so if your organization is affected, you’ll be able to respond as quickly and effectively as possible. Here are some key steps the plan you create should include:

Alert Your Team

Make sure you have a security incident response team assembled. They should be the first ones alerted to a data breach. Those team members can call in experts as they see fit based on the incident. They are also responsible for alerting legal, HR and corporate communications as necessary.

Pinpoint the Problem

The incident response team should first take steps to detect the breach. Now is the time to review security system logs and data, anti-malware programs, and user activity. This information should allow your team to identify how the breach happened and ascertain what systems were affected.

Minimize Damage

Once you’ve identified where the incident occurred, you should take steps to contain the damage. You will probably need to disable network access for computers known to be infected and install security patches to correct the vulnerability. If any accounts were breached, have the users reset their passwords. Restrict access for any insider known to be involved in the attack.

Recover Systems

To restore service, you’ll first need to perform comprehensive network validation and testing to make sure your systems still work. Be sure to certify the attacked system as well as any system it may have contacted. Reinstate security measures on those systems and check your backups to make sure they are still secure.

Analyze Fallout

Once your systems are secure, you can start to assess the damage. How did the attack effect business operations and at what cost? Was data actually stolen? How will news of this breach effect your organization’s reputation and brand?

Notify & Comply

Now is the time to take steps to notify parties that are required to know about the breach. Affected parties should be made aware so that they can take steps to protect their personal data by changing passwords and checking on their financials. Some data breaches are required by law to be publicly revealed. Notify your legal department so they can ensure you are compliant.

Learn from it

Unfortunately, data breaches are a real and present risk for businesses today. If your organization experiences an attack, make sure you regroup after the smoke clears to make an action plan to prevent future breaches. Consider updating your security systems or increasing your IT budget. You may also want to deploy new programs, like employee monitoring software to help you effectively track user activity and catch suspicious behavior more quickly. Additionally, you can consider introducing new cyber security education and policies for your employees so they can better protect your system from attack.

It’s always better to be prepared for a data breach than to be immobilized if you are attacked. Create your incident response plan now so that you’ll be able to quickly deploy it and minimize damage to your network.