
Victim of a Data Breach? A 10 Step Guide to Getting Back on Track

Published by Sabrina Pagnotta on November 17, 2021

Finding out that your organization has been the victim of a data breach, either directly or through a third party vendor, can be scary and confusing.

Data breach costs rose from USD 3.86 million to USD 4.24 million in 2021, with remote work, compromised credentials, and human error as leading causes. In the US, the number of breaches reported by Q3 2021 has already exceeded the total number for 2020.

Don’t panic! Here’s what to do if your organization gets hit.

Data Breach Response: A Guide for Businesses

1. Secure Your Operations

Time is of the essence. To stop the spread and prevent additional data loss, secure your systems, change passwords and access codes, and fix any known vulnerabilities that may have caused the breach. If you don’t have a breach response team, assemble whoever can help: legal, IT, security, operations, PR, and management.

Take all affected equipment offline, but don’t power it off; every piece of evidence, including what is still held in memory, is useful for the post-breach investigation. Make sure you’re closely monitoring all entry and exit points, especially those involved in the breach.

2. Assess the scope of the breach

Once the first critical steps are taken, investigate what happened in more depth to understand how badly the organization has been impacted. These findings will drive subsequent actions such as notification and remediation.

Ideally, you’ll need to know how the attackers got into the network and what the scope of the attack is: which systems were impacted, what data has been compromised, and whether the attackers are still inside the network.

Consider hiring independent specialists, such as forensic investigators or legal counsel with privacy and data security expertise. They will help you collect and analyze evidence and outline remediation steps.
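Steps 1 and 2 both depend on evidence that stays trustworthy between the moment it is collected and the moment forensic investigators analyze it. The script below is an added example for this guide, not code from the original post or from ThirdPartyTrust: it builds a SHA-256 manifest of every artifact in an evidence directory, records who collected it and when, and later checks whether anything was modified, removed or added. The directory layout, file names and sample log lines are constructed for the demonstration.

```python
"""
Evidence-preservation helper (added example, not ThirdPartyTrust code).

Build a SHA-256 manifest of collected artifacts, then verify that nothing
was modified, removed or added after collection. The directory layout and
manifest format are assumptions of this example.
"""
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def hash_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so large disk or memory images work."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(evidence_dir, collected_by):
    """Hash every file under evidence_dir (recursively); record collector and UTC time."""
    root = Path(evidence_dir)
    entries = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        entries[rel] = {"sha256": hash_file(path), "size": path.stat().st_size}
    return {
        "collected_by": collected_by,
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "files": entries,
    }


def write_manifest(manifest, out_path):
    """Store the manifest outside the evidence directory so it is not itself 'evidence'."""
    Path(out_path).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return hash_file(out_path)  # record this value separately (e.g. in the case log)


def verify_manifest(evidence_dir, manifest):
    """Compare current directory contents with the manifest.

    Returns {'modified': [...], 'missing': [...], 'unexpected': [...]}.
    """
    root = Path(evidence_dir)
    current = {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}
    expected = manifest["files"]
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, meta in expected.items():
        path = current.get(rel)
        if path is None:
            report["missing"].append(rel)
        elif hash_file(path) != meta["sha256"]:
            report["modified"].append(rel)
    report["unexpected"] = sorted(rel for rel in current if rel not in expected)
    return report


def is_intact(report):
    """True when no file was modified, removed or added since collection."""
    return not any(report.values())


def run_demo():
    """End-to-end demonstration on constructed sample artifacts (not real evidence)."""
    with tempfile.TemporaryDirectory() as tmp:
        evidence = Path(tmp) / "case-0001"
        host = evidence / "hosts" / "web01"
        host.mkdir(parents=True)
        # Constructed sample artifacts; 203.0.113.9 is a documentation address.
        (host / "auth.log").write_text(
            "Nov 17 02:14:07 web01 sshd[4121]: Accepted password for deploy from 203.0.113.9\n")
        (host / "ps.txt").write_text("PID CMD\n4121 sshd\n")

        manifest = build_manifest(evidence, collected_by="analyst-constructed")
        write_manifest(manifest, Path(tmp) / "case-0001.manifest.json")
        before = verify_manifest(evidence, manifest)

        # Simulate evidence being disturbed after collection.
        (host / "auth.log").write_text("Nov 17 02:14:07 web01 sshd[4121]: (truncated)\n")
        (host / "ps.txt").unlink()
        (evidence / "notes.txt").write_text("added later\n")
        after = verify_manifest(evidence, manifest)
        return before, after


if __name__ == "__main__":
    before, after = run_demo()
    print("intact right after collection:", is_intact(before))
    print("after tampering:", json.dumps(after, indent=2))
```

Keep the manifest (and the hash `write_manifest` returns) with the case notes rather than inside the evidence folder, so that a later `verify_manifest` run can show investigators, regulators or counsel that the artifacts handed over are the ones that were collected.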

3. Think About Your Third Parties

If service providers or other third parties are involved, check what personal information or network applications they have access to, and change their privileges if needed.

Make sure your service providers are taking the necessary steps to prevent another breach, and are abiding by the security standards established in your contract.

Read More: What is TPRM? The Ultimate Guide To Secure Your Vendor Ecosystem

4. Involve Law Enforcement

Call your local police department immediately to report the situation, especially if there’s any potential risk for identity theft. If the local authorities are not familiar with cybersecurity incidents, you could also contact the FBI or the U.S. Secret Service directly.

If there was a ransomware infection, authorities might be able to help you negotiate, or even put you in touch with security specialists that offer decryption keys and mitigation tools.

Read More: 10 Ransomware Tips from a CISO – How to Prevent, Detect, Contain, and Respond to Attacks

5. Notify Affected Parties

Once you’ve gathered enough data to understand the scope of the breach, reach out to all affected audiences — employees, customers, investors, business partners, and other stakeholders. Be transparent and share any advice that could help consumers protect themselves and their information.

Provide details on:

  • What happened
  • Why or how it happened
  • What data was compromised
  • How it was used
  • What remediation actions you have taken or will take
  • What actions consumers can take
  • How to contact your designated team

It’s common practice to post FAQs, as your website is the first place where people would expect to find updates. Answering their questions up front can limit their concerns and frustration, and will allow your team to focus on remediation.

6. Assess Your Legal Requirements

Your legal advisors will help you understand where your organization stands in terms of liabilities and regulations. Most states have enacted legislation requiring notification of security breaches involving personal information, such as CCPA.

If your organization is subject to the GDPR, notification to the local regulator must take place within 72 hours of the breach being discovered. However, it’s important to understand what the minimum requirements for notification are, as some incidents may not demand it.

Depending on your industry and the types of information involved in the breach, there may be additional laws or regulations that apply to your situation. For example, if electronic health records were affected, you could be subject to the Health Breach Notification Rule and would need to notify the FTC. Or you could be covered by the HIPAA Breach Notification Rule, and would need to notify the Secretary of the U.S. Department of Health and Human Services (HHS).

In the case of other data like credit cards, bank account numbers, or Social Security numbers, notify the institution that stores them so they can help monitor the accounts for fraudulent activity. If you collect or store personal information on behalf of other organizations, notify them of the data breach.

7. Begin recovery and remediation

Once the scope of the breach is clear and the investigators are confident the attackers no longer have access to the network, it’s time to get things back up and running.

When you get the green light, start restoring systems from backup and reconnecting compromised machines.

8. Start building defenses for future attacks

Threat actors are increasingly returning to compromise organizations multiple times, which makes it even more important to learn from what happened in order to stay ahead.

This could mean improving the patching cadence, updating network segmentation, changing password policies and user privileges, increasing security awareness training, implementing multi-factor authentication (MFA), strengthening your third party risk management program, or other changes to processes and technology.

9. Refine your incident response plan

Whether you had it before the incident or not, there are surely new lessons to be learned. Make sure you create or update a formal incident response plan. You could follow guidance from entities like the US National Institute of Standards and Technology (NIST), the SANS Institute, or the UK’s National Cyber Security Centre (NCSC).

Be sure to test the plan periodically so everyone is aware and prepared, and the document itself is up to date.

A plan of this sort is an essential cybersecurity best practice in today’s interconnected business world, as organizations expand their digital infrastructure – and therefore the attack surface.

10. Focus on prevention

Vetting your vendors before engaging with them, performing continuous monitoring, prioritizing alerts, and proactively remediating risk vectors all help reduce the risk of a data breach.

ThirdPartyTrust complements robust data breach response plans by helping you understand and continuously monitor the security posture of your third parties, giving you complete visibility into your supply chain and the effectiveness of its controls. When something changes or no longer meets your security standards, you’ll be notified so that you can prevent a data breach more efficiently.


Staying Calm Under Pressure

Being the victim of a data breach can be a stressful situation, especially if there are other threats involved, such as ransomware actors demanding payment. However, working methodically is the only way to get the business operational again.

Try to avoid knee-jerk reactions and follow your incident response plan. If you don’t have one, this can serve as a learning experience to make sure that any pathways used by the attackers can’t be exploited again in the future.

It is often said that data breaches are no longer a matter of ‘if’, but ‘when’. So ‘when’ it happens, your customers, partners, and investors will expect to be able to trust your organization. It’s the way you react that will determine whether they stay or leave.

Sabrina Pagnotta, Sr. Content Strategist

©2022 ThirdPartyTrust, LLC and its Affiliates. All Rights Reserved.