Crisis Management After a Data Breach

December 06, 2013

Crisis Management After a Data Breach

Over the last few weeks, I've been blogging about the pressing need to follow best practices in data security and data breach prevention. The unfortunate truth is that for ever…

John Buzzard by John Buzzard
Fraud Protection & Compliance

Over the last few weeks, I've been blogging about the pressing need to follow best practices in data security and data breach prevention. The unfortunate truth is that for every preemptive countermeasure that you introduce, devious criminals will seek and may eventually find a way around it. That is why a truly best-practice approach includes proactively establishing a crisis plan for what to do if a data breach occurs.

Your data breach crisis plan should include:

  • Fire drills. Carry out periodic intrusion procedure tests, without warning, several times a year to gauge your plan's effectiveness. Make the plan accessible to anyone in your organization. Verify contact names and numbers at least annually.
  • Communication with customers. Fraud involving compromised data often occurs within a week, so it’s crucial to notify customers within hours after a breach. As part of your plan, develop customer service representative scripts and media templates that can easily be customized to fit a particular event. Invest in customer engagement technologies that enable you to communicate quickly using each customer’s preferred channel (e.g., mobile app, voice, SMS, email). This can prevent potential distress due to declined transactions or fraud loss.
  • Communication with other affected stakeholders. Include steps to alert partner payment companies in the wake of a data breach. You would need to quickly disseminate “not on us” foreign cards and other information to protect external organizations from as much loss as possible.
  • IT response plan. Spell out all information technology steps that must be taken in the event of a breach, such as: Immediately disconnect all infected servers and PCs. Do not reboot to prevent a loss of critical forensic evidence. Block all servers from outbound activities. Reintroduce safe IP addresses slowly based on your organization’s critical needs. Never remove malware, worms or any other evidence of an intrusion before a thorough forensic examination; instead, have a qualified professional disable them to prevent additional damages.

For more on crisis management and other best practices, I encourage you to download the Insights white paper: “Best Practices for Preventing Data Breaches” (No 72, login required). The paper is based on feedback from clients who have experienced data breaches, combined with input from our internal IT security experts. If you have additional recommendations, I invite you to share them here by commenting on this blog.

related posts

popular posts
Using mobile to reach the Latin American unbanked
popular posts
5 Keys to Using AI and Machine Learning in Fraud Detection
popular posts
A Deep Dive into the Distribution of the FICO Score Across the US
popular posts
What Is Authorised Push Payment Fraud?
popular posts
Average U.S. FICO Score Ticks Up to 706

@PythonPr models can now be deployed with #FICO. Learn how you can convert #python #analytics into user-friendly ap… https://t.co/sBDdCYE1Qo

35 minutes ago

@Soulglo76 Hi Erica, a person’s race is not a factor considered in a FICO Score calculation. Visit this link… https://t.co/6rYO0tPTZ2

1 hour ago

Hey #Raleigh, NC, we're heading your way! Score a Better Future, the FREE financial education virtual event is plan… https://t.co/mwQdqrpi4F

2 hours ago