Filter by Category

Data Breach Response Plan Resources

Lock down your data with data breach resource info from GoAnywhere

What is a Data Breach?

The definition seems obvious for any organization. A data breach occurs when data that was supposed to be protected from unauthorized access is exposed, either maliciously or unintentionally.

What may not be as clear cut is all the many, often sophisticated, ways that sensitive data can be compromised. These include malicious attacks, accidental mistakes, and simple human error. Confidential information can fall into the wrong hands during electronic file transfers, accessing lost or stolen devices, or because of those ever-so-clever hackers' infiltration into a company's servers. Even sending an unsecure email can qualify as a data breach, depending on the information it contained.

Video: How to Think Like a Hacker and Secure Your Data

What is Your Data Breach Response Plan?

Sometimes known as an incident response plan, a data breach response plan is a critical component to ensure your company is able to properly respond to a data breach. As complex as the causes of data breaches can be, the steps for responding to one are fairly straightforward, though they can also be time-consuming, stressful, and expensive. However daunting crafting a response plan can seem at first, dealing with the aftermath of a breach will be monumentally more challenging if a plan is not already in place.

Cybersecurity experts often use the familiar warning , “it’s not a matter of if you will be breached, but when.” A little prep now can go a long ways in providing peace of mind down the road.

Related Reading: 10 Tips to Protect Your Company’s Data in 2021

Generally agreed upon steps include:

  1. A thorough, extensive documentation of events leading up to and immediately following the discovery of the breach
  2. Clear and immediate communication with everyone in the company about what happened, and how they should respond to any external inquiries
  3. Immediate notification and activation of the designated response team, especially legal counsel, to determine whether law enforcement and/or other regulatory agencies need to be involved
  4. Identification of the cause of the breach and implementation of whatever steps are necessary to fix the problem
  5. Development of messaging and deployment schedule for notifying those whose data was compromised, based on counsel from lawyers who will review state laws, compliance regulations, and other mandates affecting what the messaging must say and how soon notification must occur, as well as what compensation to affected victims should be provided

Need more detailed guidance on how to put together a plan in preparation for a data breach? Check out these Data Breach and Incident Response Plans.

Additional Data Breach Resources

If your company does not yet have a data breach plan in place, or if you've been thinking it might be time to update your current policy, here are a few resources that you'll want to review.

On-Demand Webinar: How to Prevent Data Breaches with GoAnywhere MFT

Explore how adding a secure managed file transfer solution to your cybersecurity strategy can help safeguard critical data in transit and at rest. In this live event, you’ll see how GoAnywhere MFT can help prevent data breaches through features like:

  • File transfer/encryption automation for reduced user error
  • Integrated file encryption technologies (e.g., Open PGP and AES)
  • Audit logs for all file transfer and admin. activity
  • Extensive security controls for stringent in-house policies and compliance requirements

Experian’s 2020-2021 Data Breach Response Guide

This guide details the measures you can put in place today to greatly minimize disruption and damage to your organization. It addresses how the COVID-19 pandemic upended business and fueled the acceleration of digital transformation and impacted cybercrime.

Data Breach Response Handbook (Bryan, Cave Leighton, Paisner law firm)

For those with limited access to legal counsel, this PDF provides an overview from a legal perspective of how to prepare for a data breach. While this document should not substitute for seeking advice from a lawyer who knows or can learn the details of your specific situation as well as the laws that apply in your state and industry it does provide some good general information that could help you launch a discussion with your legal team.

Vendor Contracting Project: Cybersecurity Checklist, Second Edition (American Bar Association Cybersecurity Legal Task Force)

The American Bar Association Cybersecurity Legal Task Force has released an update to the 2016 version. It was developed to assist lawyers negotiating vendor contracts on behalf of clients, but the information contained can be considered by IT teams as part of their planning. The checklist provides plain language guidance on incorporating cybersecurity protection in contracts with third-party vendors and gives insight into potential threats and vulnerabilities. The checklist covers vendor selection, including how to conduct a risk management assessment of potential vendors to identify risks and vulnerabilities. It also covers contract preparation with customizable sample contracts and vendor management best practices.

Definitions of Personal Information and Breach of Security by State (Baker Hostetler law firm)

If your company does business in more than one state, this is a great starting point to review how different states' data breach laws compare. Again, it doesn't take the place of your legal team, but it's a helpful overview.

Learn how IT management can defend against data breaches in our whitepaper, Defending Against Data Breach: Developing the Right Strategy for Data Encryption.

Download Whitepaper

Related Posts

3 Lessons Learned from a Data Breach

Data breaches increase year by year, and hackers become more confident and inventive. Learn the top three takeaways from recent security breaches, and how you can protect your data.

How a Data Security Breach Puts Your Organization at Risk

Data security breaches are no longer the stuff of nightmares – instead, the number of breaches increases every year. What impacts do businesses see after a data breach, and how can they avoid them in the first place?

How to Revamp Your Organization's Cybersecurity Program

Re-evaluating your cybersecurity program may not be top-of-mind, but it’s an essential step to upping your cyber resilience. Read on to discover ways to re-evaluate and strengthen your existing policy and response plan.

I’ve Just Been Breached, Now What?

Being targeted by a hacker is a terrible ordeal. If you suspect your organization has been breached, use these tips to get on your feet and respond quickly.

Think Your Customer Data was Exposed? Follow These Steps

Has your customer data been exposed to a breach or vulnerability? Follow these steps to act quickly and ensure you align with industry notification laws.