Over the last few weeks, I've been blogging about the pressing need to follow best practices in data security and data breach prevention. The unfortunate truth is that for every preemptive countermeasure that you introduce, devious criminals will seek and may eventually find a way around it. That is why a truly best-practice approach includes proactively establishing a crisis plan for what to do if a data breach occurs.
Your data breach crisis plan should include:
- Fire drills. Carry out periodic intrusion procedure tests, without warning, several times a year to gauge your plan's effectiveness. Make the plan accessible to anyone in your organization. Verify contact names and numbers at least annually.
- Communication with customers. Fraud involving compromised data often occurs within a week, so it’s crucial to notify customers within hours after a breach. As part of your plan, develop customer service representative scripts and media templates that can easily be customized to fit a particular event. Invest in customer engagement technologies that enable you to communicate quickly using each customer’s preferred channel (e.g., mobile app, voice, SMS, email). This can prevent potential distress due to declined transactions or fraud loss.
- Communication with other affected stakeholders. Include steps to alert partner payment companies in the wake of a data breach. You would need to quickly disseminate “not on us” foreign cards and other information to protect external organizations from as much loss as possible.
- IT response plan. Spell out all information technology steps that must be taken in the event of a breach, such as:
  - Immediately disconnect all infected servers and PCs. Do not reboot them, so that critical forensic evidence is not lost.
  - Block all servers from outbound activities. Reintroduce safe IP addresses slowly based on your organization’s critical needs.
  - Never remove malware, worms or any other evidence of an intrusion before a thorough forensic examination; instead, have a qualified professional disable them to prevent additional damage.
For more on crisis management and other best practices, I encourage you to download the Insights white paper: “Best Practices for Preventing Data Breaches” (No 72, login required). The paper is based on feedback from clients who have experienced data breaches, combined with input from our internal IT security experts. If you have additional recommendations, I invite you to share them here by commenting on this blog.