What to do during a data leak or breach
Creating a framework to respond to cyber security breaches
4 minute read | |
Data breaches and leaks are issues that can deeply affect companies and their employees, even in the face of our best efforts and modern cyber security methods.
As a workplace leader, it is essential to be able to pull your team together and create a plan in order to respond to cyber security crises.
What is a data breach?
Information Security Consultant and The University of Western Australia Centre for Software and Security Practice Director David Glance is accustomed to dealing with data breaches.
“According to the Office of the Australian Information Commissioner, a data breach is when personal information is accessed or disclosed without authorisation or is lost,” he said.
The effects of a data breach can be massive and even threaten companies with collapse following particularly serious attacks.
“The impacts depend on the nature of the data that has been lost, but can include anything from direct or indirect commercial consequences, through to putting a company’s customers at risk because personal data was lost – for example, as seen with Medibank and Optus,” Dr Glance said.
“There is also the immediate cost of remediation, which is the identification and fixing of the problem.
“The more long-lasting impact will be reputation damage, where customers lose trust in the company.”
Planning ahead
According to Dr Glance, making sure you plan ahead and developing strategies are essential to minimise the damage done by breaches, however, many companies are lax in doing so.
“All companies, irrespective of their size, should be managing information security risk,” he said.
“On the whole, they do not take cyber security seriously, instead relying on the hope it will never happen to them or, if it does, the insurance cover will be sufficient to deal with the consequences.”
In order to prepare your company to deal effectively with a data breach, a good place to start is with an information security risk plan, especially one that follows the recommendations outlined by the Australian Cyber Security Centre.
“An information security risk plan identifies all risks to a company’s information by deciding what threats may act on vulnerabilities, resulting in an adverse consequence,” Dr Glance said.
“The likelihood of a particular threat happening is determined, the impact of the consequences are calculated and then steps to reduce the likelihood or impact are put in place to mitigate the risk.”
By knowing what types of breaches can happen, a company can take steps to prevent them, as well as implement strategies to deal with them if they do occur.
“Another part of this process is to have an incident response plan, which is a sophisticated plan for the organisation to lay out the procedures, steps and responsibilities in the case of an information security incident, including data breaches,” Dr Glance said.
“The plan will be agreed upon, participants will have the required level of training and skills to carry it out, and there will, ideally, be practice runs to ensure it will work in the event of an incident.”
Following a template plan
An incident response plan does not need to be created from scratch, as there are a number of templates in place to aid organisations, ensuring the impacts of a data breach are less damaging, information is recovered faster and the public’s confidence in the company is restored much more quickly.
One such template is the National Institute of Standards and Technology incident response process.
“This process details all aspects of incident response organised as a life cycle, starting with preparation, moving to detection and analysis, followed by containment, eradication and recovery, and then post-incident activity,” Dr Glance said.
“Part of the post-incident response will be to determine the root causes of the incident, and the steps required to fix and control the risks of the breach happening again.
“At all times, there will be responsibilities for communication, both internally between everyone involved with the handling of a security incident and also with other employees, organisation partners, government departments, law enforcement and media companies.”
Following a template guide can make it more straightforward for a company to create tools and resources to use during the incident, train staff to detect breaches during the early stages, and formulate containment strategies to stop breaches from spreading too far.
“A company’s responsibility is to have an information security management system in place that is based on an understanding of its information security risk,” Dr Glance said.
“The board’s responsibility is to make sure the company has a plan and that it is implemented.
“Despite all measures, data breaches do happen – the plan's purpose is to minimise the damage to the company that would have occurred if it didn’t have a process to follow.”