Does your data breach response plan include data discovery?

No matter how strong your data privacy and security efforts are, an equally strong data breach response plan is a must. It’s critical for companies not only to keep private data secure, but to also respond quickly if a data breach occurs.

Organizations that act swiftly during these unfortunate events have a better chance of minimizing data loss, salvaging their reputation, remediating issues faster, and avoiding any fines that may be associated with violating data breach notification laws.

However, there are key components of an effective data breach response plan that often go overlooked—one of them being data discovery. Here’s what you need to know when developing or updating your organization’s data breach response plan.

What is a data breach response plan?

A data breach response plan provides guidelines to follow when a breach occurs. During an incident like this, your team can quickly fall into crisis mode. A data breach response plan helps keep your team on-track with well-thought-out procedures that you have established ahead of time.

Developing a comprehensive data breach response plan takes time. Especially now, with ever-changing data privacy compliance laws, it’s important to create a thorough plan that addresses who is responsible for what, action steps for handling the breach, documentation processes, and a post-breach review to update your plan and implement new safeguards to prevent future breaches from occurring.

4 core elements of an effective data breach response plan

1. Assemble a team of experts

You should designate team members who are experts in many different areas including IT, cybersecurity, operations, forensics, legal, human resources, communication, partner/investor relations, and management. The size of your response team depends on your organization’s resources. For example, in a startup, one person may be an expert in human resources, communications and management. For larger enterprise companies, you may have multiple experts for a given field. Regardless, you should have designated members on your response team that are knowledgeable in the above areas.

2. Secure physical areas

With so much of what we do moving towards the cloud, it’s easy to forget that a lot of sensitive data resides on premises too. If a data breach occurs, you will want to secure the physical spaces that house servers, hardware, workstations, portable electronics, and other devices that may contain sensitive information. Additionally, you want to protect this equipment, as it may contain evidence that’s pertinent to ongoing investigations.

3. Discover what data was compromised

Before you fix what is broken or prioritize action steps, you first need to know what data was compromised due to the breach. Performing sensitive data discovery can tell you what was compromised, who has access to that data and where that data resides. Covering all of these bases is essential to resolving your data breach and taking necessary actions.

4. Identify legal obligations

Depending on the state your business operates in and the state affected individuals reside in, you will likely have legal obligations that require you to notify those affected individuals. These legal obligations may dictate how quickly you need to notify them, the methods in which you notify the individuals, and more. This is why it’s good to have a legal expert on your response team—they will be able to verify any specific requirements your business needs to adhere to.

Sample data breach initial response checklist

The first few hours after discovering a breach are crucial. It is easy to enter panic mode. Instead, your response plan should include a roadmap with initial action steps. Here’s a sample checklist for initial data breach response.

  1. Alert your response team. You’ve assembled a team of experts in departments from executives to IT to legal counsel. Alert your designated team immediately to set your response plan in motion.
  2. Secure physical premises. This means securing on-site server rooms and areas that contain workstations, laptops, or computers that have sensitive data.
  3. Stop additional data loss. Take all affected equipment and/or systems offline immediately, closely monitor all entry and exit points, and if possible, update credentials of authorized users.
  4. Document everything. This includes the data and time on key events, such as when the breach was discovered, when response efforts began, who was alerted of the data breach, and so on. Proper and thorough documentation is critical, especially when it comes to fulfilling any legal obligations.
  5. Assess priorities and risks. Compile everything you know about the breach and decide which action steps need to be prioritized, along with the potential risks.
  6. Begin an investigation. At this point, your computer forensics team should be on board to help conduct a thorough investigation.

Why data discovery is essential to data breach response

In the United States, all 50 states have their own laws that require businesses to notify individuals whose personal information has been compromised. To get a full download on the specifics, such as how quickly you must notify affected individuals, it is best to discuss those requirements with your trusted legal counsel. As tougher privacy laws are passed, many states have specific requirements for data breach notification.

In the event of a data breach, data discovery is an essential and often overlooked step. By performing data discovery, your team gets a full understanding of what data was compromised, how much of it was compromised, who has access to that data, and where that data is located.

Without this detailed account, it’s nearly impossible to effectively deliver on data breach notification, especially in states that have strict notification laws—such as California, Delaware and Illinois.

Improve your data breach response plan with data discovery tools

Taking the right action steps is tricky when you don’t have a full picture of what data was affected, where it resides, and who has access to it. Spirion Sensitive Data Platform (SDP) has the ability to find sensitive data wherever it resides, whether it’s in the cloud or on-premise. No organization is 100 percent immune from a cyberattack or data breach, and response plans should be designed to make discovery, remediation and notification a seamless process. To learn how Spirion SDP can strengthen your data breach response plan, contact us for a free demo.

1