Data Breach Response Plan
Our Data Breach Response Plan has been in place as a guideline for when an incident occurs.
We have teams in each department to identify, contain and recover from the breach. Assign incident leads and ensure the correct IT resources are allocated to the most crucial aspects of the plan. Teams should include members that will handle customers, internal communication, and public relations.
2. Ensure IT resources are allocated to the most crucial departments:
Key departments to involve include:
Information Technology – Discovers and responds to the data breach.
Legal and Compliance – Determines the data retention policies. Maintains compliance standards for records retention and informs the appropriate parties.
Public Relations and Marketing – Leads customer identification and communications coordination efforts.
Sales – Leads key relationship management.
Executive – Coordinates high-level response efforts.
3. Identify what type of breach has occurred: Legal or outside counsel will identify required data retention and disclosure requirements.
Legally protected information such as customer health records, personal identification information (credit card numbers or social security numbers).
A material loss to the company such as sensitive information, trade secrets or intellectual property.
4. Secure all data to ensure that the breach does not spread and all data is secured.
5. Change all passwords and encryption keys
Put all affected machines, devices, and systems on lockdown. Change any passwords or encryption keys immediately. As always, only use a trusted source and store this information securely.
6. Clear malicious code from systems
If the breach involves any viruses or malicious code, allocate the resources needed to clear them from our system in order to begin to recover. We are also equipped with an effective backup strategy for our digital information.
7. Identify the source of the breach
Once we contain the breach, our team investigates its potential cause. We document all investigation and mitigation efforts carefully. Record all interviews with internal and external personnel and update legal teams.
8. Alert the authorities and legal counsel
If we need to call in outside help or involve law enforcement, we consult with executive leadership teams and legal counsel to determine any additional response teams needed.
9. Protect digital evidence found
We have a detailed set of instructions and approved methods to protect any digital evidence. The response teams continue to carefully watch the status of the breach. They can also ensure that more information is not compromised.
10. Notify data owners about the breach
When we contain the breach and investigations are underway, we put our restoration plan into action. We notify data owners. This includes customers or employees. Let them know that their information was compromised. Notify them as soon as possible so that they can take the necessary steps to protect themselves.
11. Activate public relations response teams (if needed)
The executive management team and legal counsel will determine whether it is necessary to communicate with the Public Relations Team.
12. Fix vulnerabilities to prevent another breach
After a security breach, our team should take a look at what happened and fix any vulnerabilities so that it can’t happen again. Decide if we should change service provider access privileges for those involved.
We segment our network so that a future breach in one sector won’t expose sensitive information in another sector. Work with the team to find out what weak points in security made this breach possible, including reviewing logs and who had access to the appropriate information. Take the recommended measures to ensure networks continue to be secure.
13. Alter preparation plans for potential future breaches
We will also review our data retention policies and adjust them. Our IT and compliance teams would come together and determine the lowest amount of customer or other data to retain according to regulations.