
Data Breach Incident Response Plan: 6 Essential Steps

If you're charged with influencing your organization's data breach incident response plan, make sure you include these essential steps.

December 20, 2018 | TD Staff


Your organization most definitely has physical security breach plans in place, but do you also have a data breach incident response plan?

Consider that the average loss in a physical burglary is about $2,000, but in a cyber-attack it’s more like $117,000. By any level of logic, your organization should be extremely focused on creating a data breach incident response plan.

Cyber crime is in the news continuously. Any level-headed IT director knows it’s a matter of when, not if, a cyber security breach hits home.

Paul Konikowski, a consultant at Command Systems Group, LLC, which services mission-critical customers including military bases, recently offered up six essential steps for data breach incident response plans to sister site Commercial Integrator. As he writes, there are many variations, but the best incident response plans typically include these steps.

Data Breach Incident Response Steps

1. Analysis

Is it a false positive? The incident response team (IRT) should review the logs for vulnerability tests or other abnormalities. What systems have been attacked? What stage is the attack in? What is the origin?

2. Containment

Containment provides time to determine the next steps while limiting the spread and the impact. Your team should isolate the system if possible and make a backup for forensic investigation.

3. Communication

Alert everyone on the Incident Response Team including IT, HR, Legal, Operations and Management representatives.

Should law enforcement/FBI be contacted? Experts like FireEye? Third party vendors? Industry peers? How soon should you alert the public?

The laws vary by state in the US. In the EU, the GDPR says within 72 hours.

Your incident response plan (IRP) should include a detailed cyber crisis communication plan that specifies who should be contacted in case of an attack, what message will be conveyed to them, and who has the authority to communicate on behalf of the organization.

4. Eradication

Scan all systems for malware. Isolate and disable all accounts and components that have been compromised. Remove access to systems by suspect employee logins. Change passwords, apply patches, and reconfigure firewalls.

5. Recovery

This can take a while, so you need to prioritize which systems are most critical to resume functionality.

6. Post-event analysis

What was the dwell time (time from data breach to recovery)? Are changes to policies, procedures, or equipment in order? How effective was the incident response plan? Then, test the revised IRP using a simulated attack.

In conjunction with having an incident response plan, organizations need to provide adequate cyber awareness training to all employees, not only explicitly telling everyone what to do, but what not to do, in the event of a data breach or cyber-attack.

Setting guidelines for communicating with outside parties regarding incidents is key. You don’t want someone in your organization tweeting “WE ARE GETTING HACKED!!!”, followed by a dozen hashtags, do you?
