How to deal with a data breach

The next time your BlackBerry starts buzzing at 3 a.m., take a deep breath and get ready for some bad news. It could be your security officer alerting you that the company has experienced a data breach--something you don't want to hear in the middle of the night, or during the day, either.

There are several things a CIO must do immediately. First, don't panic. Remember that in the first hour, it is essential to take action. It's important to make an assessment of the damage the data could cause, and that means thinking about the staff to deploy to assess the damage. It also means thinking about who wants that data.

"The key to successfully managing any incident is to ensure you are always prepared for any eventuality by having written and tested plans. I cannot emphasize enough the value of testing. Our experience in advising clients in both the public and private sectors is that the quality of plans is significantly improved by testing them," says Neil O'Connor, principal consultant at information security specialist Activity. "You don't want to be testing your plans for the first time in a real crisis."

If you are able to identify exactly what is missing, you are a big step ahead in gathering the information you need to assess how serious the breach is. It's just as important to "freeze frame" the moment of the breach and preserve any evidence in the event of a lawsuit.

The first 24 hours after the attack are just as important as the first hour in assessing what happened and why. Many data breaches can be traced to a basic lack of training. And it might be time to reassess your basic approach to IT security, including concentrating on protecting the most important elements of your database. Remember that security protection is always evolving and it is up to your IT team to keep it evolving.

For more on security planning:
- check out this NetworkWorld.com article

Related Articles:
Data security news from FierceCIO