How Your Company Responds to an Incursion Into Your Corporate Or

How Your Company Responds to an Incursion Into Your Corporate Or

How your company Equifax, Yahoo, Arby’s, Target, Home a cybersecurity insurance policy—and Depot, Deloitte, JPMorgan Chase, understand it. To guard against insur- responds to an incursion eBay, LinkedIn, Sony Pictures—it’s ance fraud, many policies will not allow into your corporate or a list of impressive companies that a company to claim the time employees seems to grow by the day. What do spend responding to an incident. customer data can mean they have in common? They all had Ask your insurance provider if it has the difference between to publicly announce data breaches a reporting template or instructions that put customers and their personal for how to validate and provide proof a disaster and a difficult information at risk. of services rendered. Knowing this PR problem. At Jabian, we are helping CEOs, CIOs, in advance and incorporating it into and CISOs prepare and respond to data your action plan will help you and your breaches around the globe. How a com- vendors create the needed documenta- pany responds can potentially make or tion throughout the process. break the company and its leadership Having master service agreements 2016 Average Incident Source: BakerHostetler (case in point: the near immediate in place with third-party responders Response Timeline resignation of Equifax’s CEO). before or immediately after an incident A good response can increase brand occurs can ensure you have the right prestige. It can delay or remove the people—with the necessary skills— risk of lawsuits. It can even lead to an available when you need them. Your increase in the company’s stock price. insurance may even cover their help. 69 7 These recommendations can help you Be aware that insurance typi- DAYS FROM DAYS FROM right the ship if your company is the cally covers only the investigation, OCCURRENCE TO DISCOVERY TO target of a data breach—and help you emergency containment activities, DISCOVERY CONTAINMENT keep your job. and notification of affected parties. Recovery is not typically included. It’s assumed that doing those activities Make Sure You Are Covered in the first place would have prevented Data Breaches Can Happen to Anyone the incident from occurring. Don’t forget about hard-copy DISCOVERY OCCURRENCE In today’s environment, it is almost records. As reported in Baker- CONTAINMENT a question of “when,” not “if,” a data Hostetler’s Data Security Incident breach will occur. Make sure you have Response Report (BakerHostetler, 10 THE JABIAN JOURNAL Number of Data Breaches and Exposed Records (in millions) in the United States Sources: Identity Theft Resource Center; CyberScout 1093 1000 783 781 750 656 662 614 498 419 447 500 446 321 223 250 169 157 128 92 86 67 37 19 36 16 23 17 0 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 DATA BREACHES EXPOSED RECORDS (IN MILLIONS) 2016), incidents involving paper office to orchestrate coordination is should you communicate? And who records accounted for 13 percent of vital to surviving the data breach. In within your company is responsible for all incidents in 2015. More common addition to the company’s key execu- communicating? Are there any legal among health care incidents because of tives, the response teams will typically requirements for when you must com- HIPAA requirements, BakerHostetler include incident response, legal, municate? If you are a public company, recommends that you ensure paper external legal counsel, IT operations, how could communications and timing records, in addition to electronic third-party forensic investigators affect your public filings or your reports records, are included in your infor- and responders, corporate com- to analysts and investors? mation governance and incident munications, and the data/business Informing your employees may response preparation. intelligence team. Human resources sound like a good idea. A large percent- may also be involved if employees are age of data breaches, however, are at fault or are the victims. caused by employees. If the data Create a Plan breach is malicious, you don’t want Preparation Is the Key to Managing COMMUN1CAT1ONS to tip off the “bad guys” until you Data Breaches MANAGEMENT have time to gather evidence. Once Having a dedicated resource focused you’ve collected your evidence, Once you become aware of a data on ensuring communications are sent communicate a comprehensive breach, you have limited time and to the press, internal teams, and exter- response to employees about what resources to react. Jabian’s Data Breach nally affected parties is necessary. happened and, more important, how Framework breaks down the pieces to Unless you have drafted templates that the company will prevent this from include in your response strategy. The are preapproved with legal (internal happening again. framework provides the flexibility to and external), you will need someone Like all the steps in a data breach develop the plans you need in hand on working full time in concert with response, ensure you’re tracking Day 1 to address different data breach legal to draft and wordsmith your internal communications—who scenarios. You don’t want to create communications to ensure the optimal receives them, when, and what is your incident response plan while you message is delivered at the right time. communicated—to ensure com- are responding to the incident. Your communications strategy plete coverage. should include internal and external PROJECT MANAGEMENT stakeholders. There are many questions STAKEHOLDER MANAGEMENT A data breach requires many teams to you need to think through, addressing: With regard to project and com- come together swiftly and harmoni- What will you communicate? To whom munications management, you must ously. Having a project management will you communicate? How much ensure that your critical stakeholders SPRING 2018 11 Data Breach Strategy P R O JE C T M A N A GE ME N T are on the same page throughout the investigation, notification, contain- ment, and recovery phases of a data C OMMUNIC AT ION M A N A GE ME N T breach. Have someone on point to ensure communications flow from the project management office and inci- S TA K E HOL DE R M A N A GE ME N T dent response teams to the appropriate stakeholders—internal and external. You will more than likely have IN V EST IG AT ION NO T IF IC AT ION C ON TA INME N T R E C OV E R Y several vendors and internal groups A ND L E S S ON S working together across various work E R A DIC AT ION L E A R NE D streams. They will need executive approval, as well as coordination with the correct internal counterparts (IT, ME T R IC S A ND R EPOR T ING legal, communications, etc.) to assist throughout the process. Coordinating with these stakeholders and groups common pain point can be time-consuming. It requires management, as speed of alignment, approvals, and delivery are important for the team to be effective. not managed by a single corporate or communicating all the information 1NVESTIGAT1ON IT unit. This fragmentation can lead to to the public in a single notification, The technical nature of the inves- additional complications, as individual which can quickly fade from the public tigation will vary depending on the users and managers will have varying eye, is a huge win. The alternative systems, networks, and data types systems, programs, protection, and may be fragmented investigations involved. From a general process potential malware. Depending (managed by individual parties) and perspective, however, you must on your intercompany agreements, multiple notifications that can drag determine which systems are in or out you may need to get permission on for months, if not years. Equally of scope for the investigation; track from the subsidiary or franchisee important is being able to centrally what you have investigated and what is before conducting your investigation. craft and manage the messages to still in process; and understand when Ensuring up front that you have a customers and the public, ensuring the investigation is complete. If you well-thought-out cybersecurity they meet legal requirements and don’t have the skills in-house, engage clause in your intercompany agree- protect the company’s brand as much a private forensic investigation firm to ments can provide a uniform and more as possible. investigate on your behalf. timely investigation. If the credit card networks identi- Keep in mind that individual CONTA1NMENT fied your company or some of your system owners with proprietary As you identify issues throughout locations as being common points of knowledge and management of their the investigation, you should work to purchase for credit cards linked to computers, such as subsidiaries or immediately contain them without fraud, they may require you to use a franchisees, may be protective of their disrupting the investigation or forensic investigator certified by the devices and be hesitant to engage damaging any evidence. The goal of credit card industry. The card networks outside help to investigate. They will containment is to stop the incident will want to ensure it truly was a be looking after themselves before the or the malware from spreading. At malicious outside attack, rather than overall company, so you may have to this step, the goal is not to remove or an inside job, which could put your offer incentives to get them to opt in to eradicate it. company on the hook for reparations. the investigation. Depending on the type of issue Another difficulty may involve Incentives might include paying for you identify, it may be possible to decentralized systems or systems the cost of the investigation or the cost lock down your network or use an that cross corporate boundaries (e.g., of mailing notifications to customers.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    4 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us