BreachExchange mailing list archives
8 steps to take if your company gets hacked
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 7 Dec 2018 08:36:05 -0600
https://neworleanscitybusiness.com/blog/2018/12/06/8-steps-to-take-if-your-company-gets-hacked/

Over half of U.S. companies will be hacked this year. The best way to deal with hacking is to take actions to deter and manage it. That means putting together a team led by management, the chief information security officer, the IT officer, the head of security, public relations advisers and outside counsel. This team can forge an information security plan, including establishing a group to respond to data security problems and developing and executing procedures to respond to a data breach.

Here are eight steps to take if your company gets hacked:

1. Recognize that immediate action makes a difference. You need to have the team and a response plan in place prior to any hacking incident. This involves making certain that communications regarding key decisions are made subject to the attorney-client privilege, which means operating through outside counsel. Prior preparation will allow you to respond not only more quickly, but also more efficiently and at lower cost.

2. Train employees so they know their responsibility if a breach occurs. Breaches may not be discovered immediately. You must train employees to recognize a breach, to whom to report a breach and the consequences of not doing so promptly and properly. That requires setting up a clear procedure for reporting.

3. Train employees differently based on what they need to know. Not everyone needs to know everything when a breach occurs. Most have to secure their own password and secure how they send emails or other messages to avoid hackers, but not everyone needs to be aware of all the details of a data breach response plan. Decide what they need to know and make sure they are trained to take the action they are required to take.

4. Train employees to employ the right language in communications. Depending on the industry, terms like “security” and “breach” may have a legally defined meaning. Communications that assert a “security breach” has taken place may come back to haunt you in a legal proceeding. Qualify the language. For example, talking about a “potential” breach may have different consequences than declaring that a breach has occurred.

5. Contain the damage. Take action to stop more data from being stolen or damaged. Specific actions depend on your information security plan. Consult with your IT team on taking the proper steps in the context of how you have been hacked. Generally, you want to isolate infected computers, networks or systems, and avoid taking steps that wipe out forensic data and jeopardize efforts to determine the identity of the attacker, the type of attack and the route into your systems and networks that the attackers exploited.

6. Separate operational issues from legal issues. To minimize legal exposure, it is important to make as many things as possible subject to the attorney-client privilege. This need should be managed and balanced against operational necessities.

7. Document your response actions. Regulators want to know whether companies they examine have exercised due diligence (reasonable and adequate steps) to protect data and information. You need to show them that you understood the problem from the outset, including anticipating the possibility of a breach, and had put procedures and processes in place to manage the problem and mitigate the risk and damage. Regulators will not take your word for it. Show them what you did.

8. Stay on top of notice requirements. You may have to notify persons in all 50 states. Each state has its own breach notification rules. Consult ahead of time with counsel to understand whom you have to notify of a breach and the timing and content of the notice, including disclosures on the means and manner of the breach. Make certain you comply with notice provisions in contracts with third parties. Sometimes third-party vendors promise to handle notification, which can be risky. You need to stay ahead of the curve and ensure that notification is properly dealt with.

Taking these steps can save you not only millions of dollars, but also lost time, damage to reputation, interruption of business operations and unwanted legal exposure to fines, penalties, attorney fees and other avoidable headaches. The key is to work with management, relevant company officials and counsel on the front end so that if a breach occurs (and recognize that a breach is likely to occur), you can manage the problem and minimize the legal exposure and damage.

_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com
If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange