ThirdSpace ThirdSpace
ThirdSpace
Close 0 Reset Search Run Search What are you looking for? Type at least three characters to search. Filter Search Results
  • All Content
  • Blog
  • Case Studies
  • Event
  • Resources
  • News
  • Careers
  • Access Centre
  • Technologies
  • Workshops
  • Solutions
  • People
Load more
26 April 2018

Data breach response best practices: How to avoid a ‘knee jerk’ reaction

Mathew Richards

Don’t panic! Here are a few tips to help you react to a data breach, calmly.

Knowing how you’ll respond to a data breach goes hand in hand with the measures you are taking to avoid it happening in the first place.

With the threat of crippling fines hanging over every business, the need to follow – and be seen to be following – best practice is critical.

The recent Facebook and Cambridge Analytica scandal has highlighted the value of data, but also the serious concerns of both the public and regulatory bodies when it comes to security and privacy.

All businesses need data – and it needs to be made available to partners and employees – to operate successfully. But now more than ever, there needs to be assurances that it’s being held with integrity and shared safely.

GDPR is just one factor that has already prompted significant and necessary investment in cyber security, user awareness training and next generation technology.

But businesses can’t remove the possibility of an incident completely.

 

Limit the damage when the inevitable happens

Good security and information governance should reduce the likelihood of a data breach, but also limit the damage when the ‘inevitable’ happens…

Pre-emptive testing and investment

Ok, so vulnerability scans, penetration testing activities and regular spot checks are obviously intended to reduce the likelihood of an incident happening in the first place.

But if you are taking robust steps to try and anticipate issues that may arise when transferring data, then it will obviously help your case if you are to experience a dreaded cyber-attack.

“Protection measures and rights management technologies is only going to be viewed positively.”

Likewise, proactively deploying protection measures and rights management technologies is only going to be viewed positively. For example, Azure Information Protection can prevent documents being saved, forwarded or printed unless the document author, or company policies allow it.

Preparing for the worst, taking steps to mitigate an attack, and documenting everything will make your life a lot more comfortable when you must produce your report in the event of a data breach.

Incident response policies and strategies

Despite your investment in risk assessments, employee education and protective monitoring, your worst nightmare has happened.

Now you want to avoid a knee-jerk or delayed reaction – either of which is only likely to make the situation worse.

With clear incident response policies and procedures, you can ensure a calm, collected and measured response from your organisation.

“You want to make sure the right questions are being asked.”

For example, providing your team with a simple checklist can help them quickly locate the cause, make an objective assessment of the impact, and take the necessary actions to prevent any further damage.

If this document is missing – or creates any ambiguity – then your response will be inefficient, slow and probably inappropriate.

Who’s been affected? Who do I contact? How do I remedy vulnerabilities? You want to make sure the right questions are being asked – and answered – and communication lines are clear.

The ICO offers a great document to get you started: ‘Guidance on data security breach management’.

‘What if’ scenarios

Providing checklists, or run books, for staff to manage flows of activity is just the first step in the right direction – you want to make sure they’ve had exposure and input beforehand.

Everybody on your team should be on-board with the process and ‘battle ready’ – and not just at the most senior level.

Work through ‘what if’ scenarios with everyone on your A, B and even C teams, so they are ready for any incident management requirements.

External support

‘What if’ scenarios are useful, but they can’t remove the human factor.

Your employees will inevitably have an emotional attachment to their areas of responsibility.

When an incident happens, they will be under extreme pressure and undoubtedly stressed, which could compromise their actions no matter how well prepared you think they may be.

By using a third party – particularly at the triage stage – you will gain an objective view on the situation. This offers you piece of mind that the right steps are being taken.

Suppliers

It’s not enough that you are taking the necessary precautions and making the necessary preparations in your business. It’s crucial your suppliers assist you in meeting those standards – and you can transfer liability where appropriate.

Demand it – and make sure it’s reflected in any contractual arrangements.

You don’t want to be liable for the actions they have or haven’t taken in the event of a data breach.

Make sure you’ve got proof and can gain compliance statements if or when you’ve been compromised.

 

Conclusion

One of the most important aspects of good security governance is the ability to react quickly and effectively.

If you put the steps in place and take the necessary precautions, you can rest easier than most knowing you can meet reporting obligations in a robust manner – and minimise the damage to your organisation in the process.

You may also like...

Blog

Comprehensive security, privacy and compliance with Microsoft 365

Blog

5 simple ways you can help your users spot a phishing attack

Recent Blog Articles

View All
Author
Mathew Richards
Head of Mobility & Security
Learn More
Award-winning solutions Award-winning solutions

Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, Security and Compliance.

ThirdSpace

Welcome to ThirdSpace, the new home (and new name) for Oxford Computer Group UK.

Oxford Computer Group UK officially rebranded as ThirdSpace in the UK on 16 October. This rebrand reflects our broadening identity and security solutions, as working practices extend from the office and home into working flexibly and collaboratively from anywhere – Your "ThirdSpace".

Continue to ThirdSpace
ThirdSpace Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.