Creating and Implementing a Data Breach Response Plan
Houston, Texas March 04, 2013
Businesses of all sizes are targeted for data mining; but it’s the small and medium sized businesses that are being overwhelmed by the hackers, and exposing sensitive information
E-Investigations, a Houston, Texas based computer forensics and investigation firm, finds that hundreds of millions of pieces of personal information are exposed in data breaches every year, and, unfortunately for those victimized by such incidents, nearly all of them were easily preventable. A new study by the nonprofit Online Trust Alliance examined nearly 1,500 data breaches suffered last year and tracked by the Open Security Foundation – a total that was up 35 percent from 2011 – and found that about 242.6 million records were exposed last year alone. However, some 97 percent of the breaches investigated would not have taken place if the organization responsible for protecting the exposed data had adopted industry standard best practices for safeguarding it, including having internal controls. In all, only 26 percent of the breaches examined were the result of either a deliberate insider threat or accidental exposure.
“Businesses of all sizes are targeted for data mining; but it’s the small and medium sized businesses that are being overwhelmed by the hackers, and exposing sensitive information,” said Gary Huestis, Director of Digital Forensics at E-Investigations. “Having a comprehensive data breach plan and updated security settings is the responsibility of every business, otherwise they put consumers, employees, companies and shareholders at an unacceptable risk.”
A data breach response plan is a course of action intended to reduce the risk of unauthorized data access and to mitigate the damage caused if a breach does occur.
Here are 10 crucial steps of data breach response planning:
- Use resources such as business impact analysis (BIA) and disaster recovery (DR) methods to identify your organization’s most sensitive data and implement actions to protect data based on the severity of the impact a breach would have.
- Perform a high-level risk assessment of your IT environment and identify vulnerable areas.
- Implement measures to reduce the likelihood of breaches caused by human error.
- Address security on multiple levels: Educate employees on social engineering tactics; ensure that data is encrypted. Make sure that processes involved are as streamlined and automatic as possible to maximize compliance.
- Learn the specifics of current federal and state data breach legislation.
- Ensure that the breach response team has authorization to take necessary steps immediately when a breach occurs so that crucial time isn’t lost obtaining permission for action.
- Test your response plan frequently and address any weak areas as soon as they are discovered.
- Find contact information for forensic companies, such as E-Investigations, law enforcement agencies and legal and public relations firms that you will deal with in the event of a breach and establish relationships now.
- Provide training for responders on, for example, evidence collection. Ensure that any required certifications are in place.
- Create a plan for how a breach will be disclosed so that the news will be communicated swiftly, transparently and effectively. Include your solution to the problem and a way for those affected to contact you.
There is also a financial incentive for businesses to adopt a data breach response plan, the most obvious being the cost of mitigation following such an incident. Last year alone, organizations that suffered data breaches paid some $8 billion to cover associated costs. E-Investigations also found that one of the biggest problems contributing to these incidents is that many workers now store sensitive private data on personal devices they carry to and from work, significantly increasing the chances of exposure in the real world, the report said. As such, more controls likely have to be put in place to make sure this data is properly protected.
It is essential to hire third-party experts such as E-Investigations rather than relying on internal IT department personnel, because outside experts can ensure that the evidence is handled appropriately. Computer forensics experts can maintain a proper chain of custody, avoid data spoliation and authenticate the evidence. Additionally, unlike internal IT staff, third-party experts do not usually know the suspect personally, reducing the risk of them tampering with the hard drive to help or to incriminate the suspect.
E-Investigations’ Computer Forensic Investigators follow the trail and decipher the information, whether the evidence is digital, such as electronically stored information found on computers, tablets, mobile phones or other devices, or the investigation requires traditional private investigative services. E-Investigations’ tools and techniques include surveillance, undercover work and detailed record searches. The final product helps our clients gain a deeper understanding of what has happened or what is occurring. The resulting clarity and discovery of the truth allow our clients to respond and recover quickly.
Gary Huestis is the Director of Digital Forensics at E-Investigations. Mr. Huestis is an EnCase certified examiner and a licensed private investigator.
Call us toll-free at 877-305-4935