BreachExchange mailing list archives

Incident Response Tip: Five Ways to Improve Information Security and Reduce the Impact of a Data Breach


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Sat, 2 Jan 2016 19:46:41 -0700

http://www.jdsupra.com/legalnews/incident-response-tip-five-ways-to-88472/

The new year will arrive in a few short days and when the bell tolls, it
will mark the end of another extremely active year of data breaches.
High-profile breaches such as Anthem, Ashley Madison, and the Office of
Personnel Management serve as a reminder that it is a matter of when, not
if, your organization experiences a data breach. Here are a few relatively
simple ways to improve information security and reduce the impact of a
potential data breach when that day comes.

Review Your Incident Response Plan

First and foremost, review your incident response plan. An incident
response plan should be a flexible playbook that evolves over time and
helps guide your response to a potential data breach. As 2015 comes to an
end, take this opportunity to see if there are any ways in which your
incident response plan can be improved. Does the plan provide enough
detail? Are there procedures that should be changed or updated? Consider
the impact of new business relationships or product lines, or whether
systems were recently deployed or upgraded. Contact information for your
incident response team, especially after hours, is a vital part of your
response plan, yet personnel changes are frequently overlooked. The worst
time to find out your CTO got a new cell phone number is when you are
trying to reach him or her at 2 a.m. on a Saturday. Even if nothing has
changed within your organization, new vulnerabilities are being discovered
and laws are frequently amended. In just the past year alone, 10 states
have formalized amendments to their breach notification laws. For a
detailed breakdown of these amendments, check out my prior article on the
subject, “State Law Roundup: Legislatures Across the U.S. Revamp Data
Breach Notification Laws,” and BakerHostetler’s state-by-state Survey of
Data Breach Notification Laws. Bottom line, no matter how good your
incident response plan was a year ago, there is likely something that
should be updated or changed. Don’t wait until you are in the middle of a
data breach crisis to review your incident response plan.

Conduct a Tabletop Exercise

There is a reason most buildings conduct yearly fire drills. Through
practice and repetition, your response to an emergency can become second
nature. Similarly, most data breaches are highly stressful events with
serious ramifications for the organization. Tabletop exercises provide an
excellent opportunity to practice your response in a low-stress, informal
setting. Moreover, tabletop exercises can help identify gaps in your
incident response plan and highlight ways in which you can become better
prepared in the event of a data breach. Therefore, consider making a data
breach tabletop exercise an annual event.

Review and Test Backup Procedures

A properly implemented backup procedure can help safeguard the availability
and integrity of company data, as well as protect against the growing
threat of ransomware viruses. According to a report by McAfee, reports of
ransomware infections have grown exponentially over the past year. Even
though backing up data is second nature to most IT professionals, many
still forget the critical step of testing those backups to ensure the
information was successfully backed up, is capable of being fully restored,
and includes all critical data. Remember that some variants of ransomware
will encrypt network shares, so it is important to segregate backup systems
from your primary network.
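One concrete form of the backup test this section calls for, added here as an example and not part of the original article or list post: it performs a full restore into a scratch directory, checks every restored file's SHA-256 against a manifest recorded at backup time, and confirms that a list of critical paths is present. The archive, manifest and file contents are constructed sample data, and `write_archive` stands in for the real backup job.

```python
import hashlib
import io
import tarfile
import tempfile
from pathlib import Path

SAMPLE_FILES = {  # constructed sample data standing in for a real backup set
    "db/customers.sql": b"CREATE TABLE customers (id INT, email TEXT);\n",
    "config/app.yaml": b"debug: false\nlog_level: warn\n",
    "docs/readme.txt": b"internal notes\n",
}
CRITICAL_PATHS = ["db/customers.sql", "config/app.yaml"]  # must be in every backup

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def write_archive(files, archive_path):
    """Stand-in for the backup job: pack files into a tar.gz archive."""
    with tarfile.open(archive_path, "w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))

def verify_backup(archive_path, manifest, critical_paths):
    """Full restore into a scratch dir, then check presence, hashes and critical paths."""
    report = {"missing": [], "mismatched": []}
    with tempfile.TemporaryDirectory() as restore_dir:
        with tarfile.open(archive_path, "r:gz") as tar:
            # 'data' filter (Python 3.12+, backported to 3.8.17+) blocks member paths escaping restore_dir
            extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(restore_dir, **extra)
        for path, expected in manifest.items():
            restored = Path(restore_dir) / path
            if not restored.is_file():
                report["missing"].append(path)
            elif sha256(restored.read_bytes()) != expected:
                report["mismatched"].append(path)  # restored, but content differs from backup time
    report["missing_critical"] = [p for p in critical_paths if p not in manifest or p in report["missing"]]
    report["ok"] = not (report["missing"] or report["mismatched"] or report["missing_critical"])
    return report

def demo_verification():
    # Verify a complete backup, then one where the job silently dropped the database dump.
    manifest = {p: sha256(c) for p, c in SAMPLE_FILES.items()}  # recorded at backup time
    with tempfile.TemporaryDirectory() as work:
        good, bad = Path(work) / "good.tgz", Path(work) / "bad.tgz"
        write_archive(SAMPLE_FILES, good)
        write_archive({p: c for p, c in SAMPLE_FILES.items() if p != "db/customers.sql"}, bad)
        return verify_backup(good, manifest, CRITICAL_PATHS), verify_backup(bad, manifest, CRITICAL_PATHS)
```

Run `demo_verification()` to see the two reports; a scheduled job would run `verify_backup` against each night's archive and alert whenever `ok` is false.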

Audit External Service Providers

As Target learned the hard way, external service providers represent an
alternative way hackers can infiltrate your network. Consider auditing your
service providers to ensure they are using appropriate safeguards. If
possible, try to limit their access to only the data and systems needed to
fulfill their function. Remote access should be provided “on demand” when
needed but otherwise disabled when not in use. In addition, service
provider agreements should be reviewed annually to ensure that the
indemnification, limitation of liability, and cyber liability insurance
provisions are appropriate. These provisions should reflect a balance
between the amount of data at risk, the extent of the service provider’s
access to that data, and the potential costs associated with a data breach.
If a service provider has agreed to indemnify your organization for data
breaches, make sure the vendor has the financial resources to do so, and if
not, require cyber liability insurance provisions to cover any shortfall.
Be mindful of limitation of liability provisions, which routinely limit
liability to the amount of fees collected under the service agreement or
within a certain period.

Perform a Risk Assessment

If you do not know what sensitive personal information and business data
you have, where it resides, and who has access to it, you cannot implement
appropriate safeguards to protect it. When facing a potential data breach,
the inability to provide an accurate network diagram and describe the
company’s sensitive data flow will complicate the forensic investigation.
Risk assessments can help address these issues and should be performed on a
regular basis to account for new vulnerabilities, changes to the
organization’s structure or business operations, and the ability of
existing security controls to detect and defend against likely cyberattacks.

Conclusion

No amount of advance preparation can entirely prevent a data breach from
occurring. However, it is possible to reduce the frequency and severity of
incidents by following the steps discussed here.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
