Developing a Data Breach Incident Response Plan
(SPEECH)
[MUSIC PLAYING]
(DESCRIPTION)
Red Travelers umbrella logo. Text, Developing a Data Breach Incident Response Plan. Data security. A triangular icon with a red lock covers rows of 0s and 1s.
(SPEECH)
SPEAKER: Data security, it starts with staying one step ahead.
(DESCRIPTION)
A shield icon appears in crosshairs. A skull and crossbones flashes over a globe.
(SPEECH)
Help protect your business and work to avoid potential damage to your brand and customer confidence.
(DESCRIPTION)
A magnifying glass scans a bug.
(SPEECH)
Here's how to help prepare for and strategically respond to a data breach.
(DESCRIPTION)
Gears turn in a computer. A computer and routers flash.
(SPEECH)
First, assess your data security to identify and correct security gaps. Establish a response plan so that decisions do not have to be made under pressure should a breach occur.
(DESCRIPTION)
A pen writes on paper. A clock spins. The skull icon flashes on a laptop screen.
(SPEECH)
If a breach takes place, these tips can help minimize damage.
(DESCRIPTION)
A lock icon hovers over a folder.
(SPEECH)
Determine whether the breach involved sensitive data, carefully manage and document all evidence of the breach of sensitive data, and assemble your team, and investigate the root cause of the breach.
(DESCRIPTION)
A row of people type on computers. Gears spin.
(SPEECH)
Now it's time to take action, secure all affected data, devices, and systems from the breach.
(DESCRIPTION)
A laptop with a key on the screen is connected to lines with locks on the end.
(SPEECH)
Be sure to change passwords and encryption keys immediately. Notify data owners and affected customers of the breach and take steps to mitigate. Finally, dive into lessons learned to refine your security program and response strategy.
(DESCRIPTION)
An envelope containing a bug flashes. A person points to this on a screen to teach others. Speech bubbles overlap with a lock icon in the center.
(SPEECH)
To learn more, visit travelers.com.
(DESCRIPTION)
The red umbrella logo. Text, Visit Travelers.com. Developing a data breach incident response plan. Copyright 2018 The Travelers Indemnity Company. All rights reserved. Travelers and the Travelers Umbrella logo are registered trademarks of The Travelers Indemnity Company in the U.S. and other countries.
Data breaches and theft are reported daily, and hackers continue to find ways to attack data, in spite of tools and strategies to tighten data security. Every business should plan for the unexpected, including a data breach that can hurt your brand, customer confidence, reputation and, ultimately, your business.
It is important to develop an incident response plan to help you detect an attack and have procedures in place to minimize or contain the damage. Your plan can begin with being aware of the data security regulations that affect your business and assessing your company data security gaps.
Once you have your plan in place, test it often. Early detection of a breach is a key benefit of an effective incident response plan.
Be Prepared and Plan Ahead
- Establish a response framework. An effective incident response plan contains a framework for action where key decisions are made ahead of time and do not have to be made under pressure.
- Publish incident notification procedures. This information should be published for all personnel, including employees and contractors. It can also be part of new hire orientation and routine employee awareness activities.
What to Do if a Breach Occurs
- Validate the data breach. Be sure to examine the initial incident information and available logs to confirm that a breach of sensitive data has occurred.
- Manage the evidence. Carefully document all investigation and mitigation efforts. Any interviews with key personnel should also be documented. You should seek advice from your legal counsel on the approved methods for protecting digital evidence.
- Assemble your incident team, and begin investigating the breach. Your response team should also continue to monitor the status of the breach.
Decide on effective outside help. Any decision to involve outside resources, including law enforcement, should be made by consulting with executive leadership and legal counsel. - Take action to mitigate the impact. Act quickly to reduce the impact as much as possible. You should work to identify and secure all affected data, machines, devices and systems, as well as isolate and preserve the compromised data. Be sure to change encryption keys and passwords immediately to prevent further access. Your network should be cleaned of malicious code, which may take a lot of resources depending on the size of the breach.
- Notify data owners. If your customers' information is exposed, affected individuals should be notified as soon as possible and within the timeframe of the federal, state and local laws. Your public affairs or media relations staff, in conjunction with executive leadership and legal counsel should word the notification in a straightforward and honest manner.
- Conduct "lessons learned" and tests for continuous improvement. Your company should always hold a "lessons learned" meeting after the recovery phase to refine your data security program and breach response strategy.
Are You Prepared for Cyber Risks?
A detailed cybersecurity guide for small and medium-sized businesses.