Cyber Lawyer on Your Side

Best Practices: Data Breach Detection and Response

Written by Anna Limoges & Kelsey Heino | Mar 25, 2021 7:54:34 PM

It’s not a matter of if a company will be affected by a data breach, but when. The pandemic has opened a Pandora’s box of data predators. For a company, breaches are costly, both financially and in other ways, including the devastating toll they can take on a reputation. Many breaches occur due to an inadvertent insider or human error. In general, a company can decrease the cost of a data breach by formulating a response plan that decreases the time to detect a breach and lays out procedures for the best possible rapid response.

Prevention

The best practice in every business is to educate every employee who may have access to information on how to identify the signs of a data breach. Depending on the data, a company can also purchase programs that assist by raising red flags when a potential breach may have occurred. Generally, red flags should go up when it becomes apparent there are changes in files, abnormally slow systems and devices, any irregular activity, abruptly locked-up accounts, and any unusual traffic flowing out of the business. Some signs may be more obvious, such as a customer calling to let you know that his or her credit rating changed recently.

A training program should be customized for each business so that employees are aware of specific tactics to prevent a breach and identify a breach in its early stages. A company should also be aware of any data protection regulations that may apply to its business. Depending on the company, it may be wise to put a team in place that can assist in training and developing response plans. Training and compliance with data protection regulations can be reinforced with vulnerability assessments—systematic reviews of security weaknesses in an information system that evaluate whether the system is susceptible to any known vulnerabilities, assign severity levels to those vulnerabilities, and recommend remediation or mitigation. Prevention will help in identifying a breach early and responding appropriately.

Early Detection and Response: Have a Plan for Disclosure and Notification

Even with regular, quality training, data breaches happen. It’s therefore crucial to have a plan in place for that unfortunate reality. Every data breach plan should include a procedure that prioritizes early breach detection. With training, vulnerability assessments, and knowing where information is located, detection can occur early and help prevent extensive damage. The plan should have a timeline in place that begins with immediate reporting of any signs of a data breach. There should be a rapid approach to correct vulnerabilities and protect any further information from being compromised. An appropriate goal for this first step is to take action within 24-48 hours after learning of a breach.

Notification, of course, should be a part of the response plan. No matter how much a company may want to keep a breach a secret, a large breach will not remain secret for long. To avoid potential fines, the response plan should include disclosure policies for proper notification to authorities if needed. Release information quickly and advise customers how to proceed on their end, including different options they can take to limit their personal exposure. A company should have an idea of how it will communicate with its customers in the event of a breach. For example, have a drafted email and letter to customers prepared ahead of time as well as a press release if need be. Consider having your legal advisers review these documents. It is essential to be proactive in responding to a breach.

Recovery

Once a breach occurs, an investigation of the root cause should begin. The root cause will then lead to an idea of how large the breach may be. A company should always overestimate the damage and exposure rather than underestimate.

Recovery can take place once the root cause is identified. Heightened protections should be put into place to strengthen security—not increasing protection after a breach is a common mistake. Build up your defenses when a weak area is attacked. The company can emphasize the increased security when communicating with customers, which can lead to stock price recovery and other positive results related to customer reassurance.

Conclusion

In today’s virtual world, it is almost guaranteed that a data breach will happen at your company. Every company should expect it and have a plan in place with the goals of preventing extensive damage, rapid resolution, and continued brand loyalty.