Campus Technology recently published an in-depth article on how businesses and educational institutions have changed their response tactics post-breach. As we know from our earlier post, many companies have stopped disclosing specifics about breaches, but that is not the only change to data breach incident-reporting tactics.
Dian Schaffhauser's article notes how a typical response these days is written in a tone of "sincere regret" and how it's no longer standard to offer identity theft protection; the article suggests that perhaps "best practices" have evolved and many institutions now have a response plan in place.
If you are preparing your own breach response plan, or are 'warming up for a data breach' as the Campus Technology post quips, you should have an incident response plan in place. Once a breach has been discovered and administrators have been notified, the forensic side of the response must determine whether a breach occurred, of what data, and to whom.
"Forensics are all about analysis of a situation after it's occurred. This is only possible if the organization has access to a record of behavior and activity before and during the event. Along with understanding exactly what data was accessed, computer forensics can provide insight to the security incident that led to the breach. This will allow an organization to adjust their internal procedures to ensure the same incident doesn't reoccur. This can include everything from tighter security protocols to identifying and removing criminal elements from within the organization." - Ward Clapham, vice president of investigation and recovery services at Absolute Software.
Law enforcement agencies are as reliant on this information as businesses are, so it's important to have software in place to capture important information about data (at rest and in transit).
The rest of the article addresses the pros and cons of quickly notifying victims of a breach, weighing timeliness against having accurate and detailed information about the breach. Read the full article here.