Are you prepared to be hacked? Prevention is important but with ever more sophisticated attacks occurring, it is extremely important to have a incident response plan in place prior to ever experiencing a data breach.
Leaders Edge and the Department of Justice have you covered on the basics.
After an attack occurs, “Whom do you alert? How do you deal with customers who may have lost credit card numbers or other sensitive information? What do you say to reporters?” All of these questions should be covered in a good incident response plan and the Justice Department has deemed it so important that they have put together a Best Practices for Victim Response and Reporting of Cyber Incidents report.
The document recommends a plan should dictate who should be doing what, when a breach is discovered. Although much of the advice seems obvious, there are simple, yet important steps that can easily be overlooked during the mayhem of a breach. Steps include, “[how] to contact critical personnel at any time, day or night” and “[how] to proceed if critical personnel are unreachable and who will serve as back-up.”
According to Assistant Attorney General Leslie Caldwell, “this guidance is built on our experience prosecuting and investigating cybercrime, and incorporates knowledge and input from private sector entities that have managed cyber incidents.”
Additionally, the DoJ recommends that companies contact local federal law enforcement long before a breach occurs so if a breach does happen, there will already be an existing relationship. Additionally, the document stresses the importance of having a good legal staff on hand, even if that means having to “retain outside counsel who specialize in cyber breach issues,” because “having ready access to advice from lawyers acquainted with cyber incident response can speed an organization’s decision making and help ensure a victim organization’s incident response activities remain on firm legal footing.”