What Is a Data Breach?
A data breach is a security incident that involves the unauthorized access, disclosure or retrieval of valuable sensitive data by an entity. Data breaches involving personal information such as credit card numbers, healthcare histories, or Social Security numbers are the most common today.
A credit card data breach may involve anything from scooping up personal credit or debit card information, to exploiting the personal account data of an individual for malicious purposes. In any case, this can negatively impact an organization's reputation for privacy protection. In order to forestall this unpleasant event, every savvy organization needs an effective data breach response plan. This will ensure quick response to a data breach, significantly reducing the impact of a breach on the affected individuals, its associated costs, and the potential reputational damage.
PLAN OF ACTION: The following detailed steps should be applied once an organization suspects or discovers a data breach:
Contain The Situation
The first action should be to limit the effect of the data breach. Stop the ongoing unauthorized practice, change or revoke the access privileges, and take the impacted devices offline, but do not shut down the system. The goal here is to ensure communication to and from the affected devices is limited without taking any action that might destroy evidence or corrupt or erase any clues. To identify practical strategies that will help you contain a data breach, address questions such as:
- How did the data breach occur?
- Is the sensitive information still being disclosed or lost without authorization?
- Who gained unauthorized access to the information?
- What strategies can be employed to minimize the risk?
Whatever the case, be careful not to destroy valuable evidence that may be helpful in identifying the cause of the data breach.
Determine the Impact and Take Action
Assessing the data breach can help an organization determine the potential risks and how they can be addressed. Ensure that system auditing and logging remain operational, as this will help you determine the level of the breach and how effective restorative strategies are. If the existing system auditing has been disabled, ensure it is restored before you proceed, as this will help determine whether the data breach activity is still ongoing and when it can be established that this malicious activity has concluded.
Next, lock credentials or change passwords as you prepare to investigate the cause of the breach. This will ensure the termination of the action if it is still ongoing since data breaches often rely on compromised credentials and passwords. Ensure this action is applied across all the affected accounts.
Gather and evaluate as much information about the breach as possible. Create a picture of the data breach: What information was accessed? What devices were compromised? Which accounts were involved in the process? What is the nature of the damage caused by the breach? Can this damage be eliminated through an effective remedial action? Determining the scope of the breach will help an organization understand the level of damage to the affected individuals, and identify appropriate steps to minimize its impact.
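The auditing and credential-lock steps above can be checked against the logs themselves. The following is an added example, not part of the original article: it scans audit events for silent periods (where auditing may have been off) and for activity by locked accounts after the lock. The log format, account names and timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample audit events: "timestamp account action result"
SAMPLE_LOG = """\
2024-03-01T09:00:00 svc-backup login success
2024-03-01T09:05:00 jdoe login success
2024-03-01T09:10:00 jdoe export success
2024-03-01T11:40:00 jdoe export success
2024-03-01T11:45:00 asmith login success
2024-03-01T12:10:00 jdoe login failure
2024-03-01T12:20:00 asmith login success
"""

def parse(log_text):
    """Return (timestamp, account, action, result) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of guessing their meaning
        events.append((datetime.fromisoformat(parts[0]), *parts[1:]))
    return sorted(events)

def logging_gaps(events, max_silence=timedelta(hours=1)):
    """Intervals with no events at all: auditing may have been disabled."""
    return [(a[0], b[0]) for a, b in zip(events, events[1:])
            if b[0] - a[0] > max_silence]

def post_lock_activity(events, locked_accounts, locked_at):
    """Split events from locked accounts after the lock into blocked/succeeded."""
    blocked, succeeded = [], []
    for ts, account, action, result in events:
        if account in locked_accounts and ts >= locked_at:
            (succeeded if result == "success" else blocked).append((ts, account, action))
    return blocked, succeeded

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for start, end in logging_gaps(events):
        print(f"no audit events between {start} and {end}: check auditing")
    blocked, succeeded = post_lock_activity(
        events, {"jdoe", "asmith"}, datetime(2024, 3, 1, 12, 0))
    for ts, account, action in succeeded:
        print(f"STILL ACTIVE: {account} {action} at {ts} (lock not effective)")
    print(f"{len(blocked)} attempt(s) blocked after the lock")
```

A successful event from a locked account after the lock time means the lock did not reach that account; blocked attempts alone show the activity is being stopped but has not yet ceased.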
How did the Breach Occur?
Resolving the impact of a data breach alone is not enough; it is important that you determine the cause of the breach to avoid a temporary ‘treatment’ situation. What were the circumstances surrounding the breach? To what extent did the damage occur? Was the system unpatched for a specific vulnerability? Was an unauthorized laptop plugged into the company network? Or was an unencrypted mobile device left carelessly or lost by an employee and subjected to blackmail?
Once you have determined how the breach happened, understanding what needs to be done will be a much easier process. Do you simply need a software update? Or do you need to wipe a stolen device remotely? Resolving a data breach may also involve changing the network firewall rules, increasing the alert system, or running antimalware scans. Whatever this may involve, ensure you take action immediately.
Notify Victims Immediately
Notification can be effective in mitigating data breaches. This action can benefit both the organization and the affected individuals, and it is a two-stage process:
- You may need to involve legal, PR, customer service, HR department, and other relevant stakeholders that can aid the cleanup of the unauthorized action.
- The next challenge is notifying the affected individuals. This can be an especially challenging time for an organization as notifying affected individuals may cause unnecessary anxiety especially when the data breach poses little or no risk. It can also desensitize the affected individuals so they do not take notifications seriously, even when there is a major risk of damage. As such, each incident should be considered individually to determine whether a notification is required.
An effective data breach response involves minimizing or eliminating damage to the affected individuals, while protecting the reputation and interests of your organization. Here is more information from the United States Federal Trade Commission on responding to a card data breach. In addition to the aforementioned steps, identify areas your organization needs to improve and work on preventing the next breach. This will boost your organization’s chances in the future – and ensure effective reputation management.
About The Author
Angela De Steffano
Staff writer at High Risk Merchant Account LLC
Angela is a merchant account specialist and heads the marketing team at HRMA-LLC.