To rise above the aftermath of a data breach, a business needs to prepare a contingency plan. Whether a company discovers a system intruder or becomes infected with malware, the damage must be minimized.
An Incident Response Plan (IRP) should be in place to quickly roll out a recovery procedure. An IRP focuses on actions to prepare for and recover from a breach. A manager developing an IRP should consider five important objectives:
- Preparation: Designate responsibilities and establish procedures to handle an incident.
- Detection: Identify an incident early and analyze the cause of the incident.
- Investigation: Apply resources to identify the intruder and mitigate any damage.
- Restoration: Return operations to normal and reduce losses by containing the incident.
- Resolution: Determine corrective actions and provide guidance to management.
Cyber Breach Aftermath
Once the situation is under control and operations are returned to normal, the designated manager must immediately deal with the aftermath. First, the manager should report the intrusion to the police. Next, the manager should evaluate the damage and notify any insurance carriers. State officials may also need notification if required under state law.
If the intruder compromised any personal information, the victims will need to receive a breach notification letter. Many state breach laws require reporting the breach to the credit bureaus depending on the number of victims. Finally, the company should offer victims theft prevention services as a courtesy, such as credit monitoring, identity protection, and access to a call center for assistance.
Every company should take extreme care in handling a data breach. Recovery may involve more than simply restoring backups. As a business strategy, how a company handles a breach will reflect on its branding and goodwill with the public. Importantly, if a breach happens, having an IRP in place could make the difference between crashing the business and sailing to a full recovery.