Data Breach Response: The First 24 Hours Post-Discovery

By: Stephen Treglia | 8/7/2015

There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result. Is your organization prepared to act quickly to mitigate the damage and to meet compliance regulations?

In an article I contributed to Dark Reading, "The First 24 Hours In The Wake Of A Data Breach," I examine the correlation between how quickly an organization can identify and contain a data breach and the subsequent financial consequences. The key to a quick response, and to reducing costs, is having an effective data breach response plan in place and people trained to carry it out. Just like practicing for a fire drill, rehearsing a data breach response plan is crucial.

The first crucial 24 hours after a data breach are all about identifying the severity and scale of the breach and implementing your data breach response plan. This will include:

  1. Diagnose the situation and enact automated controls. For example, in the case of a stolen laptop, a company would activate any underlying embedded technology solution to either remotely delete the data, track the stolen device, or cut its connection to the corporate network. This helps you contain the breach.
  2. Assign roles to address legal and containment issues and to interact with stakeholders.
  3. Document the analysis & investigation.
  4. Review your response and existing policy to establish what was handled well, and how it can be improved for the future.
  5. Learn from your experience and continue to monitor compliance requirements, implement security audits and regularly educate staff, the weakest link in any organization.

Though it may seem impossible to identify, contain, and analyze a data breach all in 24 hours, it is possible with a well-thought-out and rehearsed data breach response plan. Learn more about how to turn around your data breach response in 24 hours in my full article.
