- Have a comprehensive incident response plan that will be implemented by a designated incident
response team with clearly defined roles. Determine who will manage the technical side of the
breach response (i.e., containment, remedy and mitigation), who will handle notifying the affected
persons and governmental entities and who will respond questions from customers, clients,
vendors, governmental authorities and/or the media. - Provide for periodic review and update of the practices and procedures
You’ve experienced a breach. Now what?
Stay calm and follow your incident response plan. If you don’t have one:
- Stop or contain the attack, remedy the issue and mitigate the damage.
- Start an investigation to determine what data has been accessed or compromised.
- If a crime is suspected, contact the local police or appropriate federal investigative agencies.
- Contact legal counsel. Members of the Lewis Rice Cybersecurity & Data Privacy Group are
continuously monitoring and reviewing the ever-changing data privacy and protection laws and
we are here to assist you. - Contact your insurance provider. Most companies today have some form of cyber incident
coverage within their insurance packages.
.
The Aftermath of a Breach
Depending on how the breach occurred, you may need to change how your company operates. You
should take some time to look at how you and your team identified and handled the breach especially
where problems arose, and learn from those experiences to avoid future breaches and/or response
issues. You may want consider the following:
- Do you need to provide additional training to your employees so that this type of intrusion does
not reoccur? - Do you need to create additional or modify existing policies or procedures to better respond to
similar situations in the future? - Do you need to change vendors or institute new requirements for vendors to avoid this type of
third party intrusion? - Do you need to include a defined incident response team into your incident response plan?
- Do you have the appropriate security measures in place? Do you need to modify any security
measures?
Education and planning are key to successful crisis management. Unfortunately, in the world we live in,
data breaches are going to occur. Working with legal counsel to develop good, robust cybersecurity,
business continuity and incident responses policies now, will help you respond, both internal and
externally, to such breaches in an appropriate and timely manner. It will also reduce the effect of such