
Data Breach Incident Response Plan: 6 Essential Steps

If you're charged with influencing your organization's data breach incident response plan, make sure you include these essential steps.

December 20, 2018 TD Staff


Your organization most definitely has physical security breach plans in place, but do you also have a data breach incident response plan?

Consider that the average loss in a physical burglary is about $2,000, but in a cyber-attack it’s more like $117,000. By any logic, your organization should be extremely focused on creating a data breach incident response plan.

Cyber crime is in the news continuously. Any level-headed IT director knows it’s a matter of when, not if, a cyber security breach hits home.

Paul Konikowski, a consultant at Command Systems Group, LLC, which services mission-critical customers including military bases, recently offered up six essential steps for data breach incident response plans to sister site Commercial Integrator. As he writes, there are many variations, but the best incident response plans typically include these steps.

Data Breach Incident Response Steps

1. Analysis

Is it a false positive? The Incident Response Team (IRT) should review the logs for vulnerability tests or other abnormalities. What systems have been attacked? What stage is the attack in? What is the origin?

2. Containment

Containment provides time to determine the next steps while limiting the spread and the impact. Your team should isolate the system if possible and make a backup for forensic investigation.

3. Communication

Alert everyone on the Incident Response Team including IT, HR, Legal, Operations and Management representatives.

Should law enforcement/FBI be contacted? Experts like FireEye? Third party vendors? Industry peers? How soon should you alert the public?

The laws vary by state in the US. In the EU, the GDPR says within 72 hours.

Your incident response plan (IRP) should include a detailed cyber crisis communication plan that spells out who should be contacted in case of an attack, what message will be conveyed to them, and who has the authority to communicate on behalf of the organization.

4. Eradication

Scan all systems for malware. Isolate and disable all accounts and components that have been compromised. Remove access to systems by suspect employee logins. Change passwords, apply patches, and reconfigure firewalls.

5. Recovery

This can take a while, so you need to prioritize which systems are most critical to resume functionality.

6. Post-event analysis

What was the dwell time (time from data breach to recovery)? Are changes to policies, procedures, or equipment in order? How effective was the incident response plan? Then, test the revised IRP using a simulated attack.

In conjunction with having an incident response plan, organizations need to provide adequate cyber awareness training to all employees, explicitly telling everyone not only what to do, but also what not to do, in the event of a data breach or cyber-attack.

Setting guidelines for communicating with outside parties regarding incidents is key. You don’t want someone in your organization tweeting “WE ARE GETTING HACKED!!!”, followed by a dozen hashtags, do you?
