How to Respond to a Data Breach

January 5, 2021

The best way to prevent a data breach is to be prepared for one. Implementing strong cybersecurity measures, maintaining them, and conducting regular updates are critical steps in securing systems. Educating staff about cybersecurity and training them on what they need to do to protect data and information are also crucial. Human error and carelessness are two of the primary causes of a cyberattack. Finally, your clients need a formalized plan for how to deal with an attack should one occur.

No matter what preventive measures your clients take, complete protection is not guaranteed. It is nearly impossible to stay ahead of cybercriminals. Cyberattacks are on the rise, with incidents in 2020 reaching as many as 4,000 per day. Procuring cyber liability insurance has never been more imperative to protect a business if it was to experience a data breach. So, what should a company do after a data breach? If an incident occurs, your clients need to be able to respond effectively and efficiently.

The Initial Response

A cyberattack can be daunting, but panicking will not help solve the problem. A data breach response plan helps your clients remain focused so that they know what initial steps they should take. Activate the response plan immediately. Take note of the date and time the breach was discovered, and when the response was initiated. Within the next 24 hours, your clients should also:

• Alert members of the response team.
• Secure the area to prevent access to evidence.
• Take operations offline to prevent further data losses, but do not turn off the power or tamper with any technology.
• Assess any additional risks and prioritize steps needed to reduce those risks.
• Call in the cyber forensics team to begin investigations into when and how the cyberattack happened.
• Consult with the legal team and notify law enforcement when necessary.
• Notify the cyber liability insurance provider.

The Next Steps

After your clients complete the initial steps, they must document everything that has occurred thus far to ensure their company stays on track to recover and reopen. At this point, a team should begin resolving the issues to prevent future attacks. It is essential to carefully consider your client’s company’s vulnerabilities and address any issues that need to be remedied.

Service providers, encryption measures, and network segmentation should all be examined. The forensics team can ascertain whether any of these played a role in the attack. Identify everyone who may have been affected by the breach and what information was stolen. The forensics experts will remove any tools the hackers used to access the system.

Notifications

Once affected businesses and individuals have been identified, it is imperative that they notify them as quickly as possible and let them know what information may be at risk. Make sure, however, that your clients consult with the lead investigator to time their notifications so that they do not impede investigations. Note that if the data breach involved health information, they are required to alert the Federal Trade Commission. ◼