Posted on November 14, 2017 | Categories: File Security
As we continue to put our data online, through social media channels, cloud storage, and email attachments, we open ourselves up to the possibility of data breaches and other attacks. The answer to this problem isn’t to stop using the internet, of course. But organizations today need to pay serious attention to their cybersecurity gaps, put guidelines in place to prevent a breach, and strategize how to limit the damage done by an attack when preventative measures fail.
The number of breach attempts and successes is rising. In 2016 alone, TechRepublic reports that “approximately one billion records were compromised,” with the majority of breaches happening in the government, retail, and technology industries. “The takeaways definitely show a trend,” they write. “Companies aren’t planning for all possible intrusion contingencies. … Breaches keep happening, and they’re happening in large part because of poor security planning.”
Creating a response plan, sometimes known as an incident response plan or a data breach response plan, is not a cakewalk. It requires time, focus, research, and company resources. Once the plan is created, it needs to be tested and updated regularly. But regardless of those requirements, it’s a critical component of your cybersecurity policy that will ensure your organization can properly respond to a data breach.
Having a plan in place is not an optional step for IT teams. The causes of a data breach can be complex, all-consuming, and stressful, not to mention expensive. Without a thorough response plan, data breaches can be monumentally more challenging—and that’s only if you know what steps you need to take to respond. No response plan and no knowledge of how to address a breach? That’s a recipe for disaster.
But thankfully, it’s one that’s easily avoidable with the right resources.
If your company doesn’t have a data breach or incident response plan in place yet, or if you’re ready to update your current policy to address the latest changes in cybersecurity, there’s no better time to make the jump than now. Here’s a list of the best resources on response plans we could find in the industry.
Guide for Cybersecurity Event Recovery (National Institute of Standards and Technology (NIST))
Use this comprehensive, 44-page event recovery guide to help your IT team plan for and recover from cybersecurity incidents like data breaches or ransomware attacks. It’ll walk you step by step through the stages of planning, improving, building, and understanding your recovery policy.
6 Steps to Making an Incident Response Plan (Security Metrics)
Looking for a quick how-to on making an incident response plan? This blog post provides a six-step summary for the busy IT professional. Each section is simple and digestible. It may not be a full walkthrough, but if you just need a review or a place to get started, this is the resource for you.
Data Breach Response: A Guide for Business (Federal Trade Commission (FTC))
You should strive to have a response plan in place before a data breach happens, but the FTC believes it’s never too late to look ahead. Use this 12-page document to review what you should do once your data has been compromised. Even if you’re not in the middle of a data breach, knowing this information now could save you time and stress later on.
GDPR Webinar - Data Breach Notifications and Response Plans (Squire Patton Boggs)
Is your organization affected by the General Data Protection Regulation? (If you store or process any data from Europe, the answer is yes.) This webinar PowerPoint slide deck from the law firm Squire Patton Boggs lists how GDPR-compliant companies should respond to a data breach once the GDPR goes into full effect next year.
Planning & Managing a Data Breach (Lexis Practice Advisor Journal)
Written from a legal perspective, this document covers everything you need to know about preparing your organization for a data breach. Learn about the benefits of creating and maintaining response plans, and learn exactly how you should develop a data breach avoidance and data breach response plan. It’s a detailed read, but very worthwhile.
10 Steps for a Successful Incident Response Plan (CSO Online)
Like the article from Security Metrics (above), this is another helpful, but definitely longer, how-to. Use this list of steps to ensure your incident response plan is strategic, testable, and accurate—not only in theory, but in practice.
Definitions of Personal Information and Breach of Security by State (Baker Hostetler Law Firm)
If your company does business in more than one state, this is a great starting point to review how different states' data breach laws compare. These data breach charts shouldn’t take the place of your legal team, but they’ll give you a helpful overview.
Is there a response plan resource you think should be in this list? Share it in the comments!