• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Student360
  • About
    • Secure360
    • UMSA
  • Secure360 2022
  • For Sponsors
  • For Speakers
  • Get Involved
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

After the data breach: Experts weigh in on the next steps

September 16, 2015 by Secure360 and UMSA

sticky note reads "ask the experts"

Copyright: 123rf/Vitaliy Vodolazskyy

The majority of companies today are aware that they need to establish and practice good data security measures. Even with strong systems in place, however, almost every organization is susceptible to some form of data breach. Digital Guardian recently published a great article with 30 experts’ tips. Here are some highlights from 5 of our favorites in that post:

What are the most important “next steps” companies should take following a data breach?

“COMMUNICATION: both internal (inform employees and involve everyone able to help, i.e. tech specialist, client service managers, PR & communication team, etc.) and external (direct mailing to the clients, official media release – and, if necessary, also interview to the profile press).

  1. Be open and sincere. Admit if the fault was on company’s side and accept responsibility.
  2. Provide details. Explain why the situation took place.
  3. Make conclusions out of the disaster and describe solutions for affected users. If possible, prepare a special offer for the affected audience.
  4. Explain how to prevent similar issues in the future.
  5. Invite to dialogue. Involve your clients, industry experts, analysts, media people and general public to the broader discussion about the source of the problem. 

Usually, such approach will allow you not only to minimize the negative impact of an IT security accident, but (when implemented correctly) will show your company as the reliable and transparent partner, which is able to operate correctly even during the crisis situation.”

Oleksandr Maidaniuk
Head of Quality Assurance Solutions
Ciklum Interactive Solutions

 

“To understand the root of the issue. Engineers can use forensics to analyze traffic and instantly determine the root cause of an event, entirely removing guesswork and problem reproduction from the equation. Effective forensics provide these four key capabilities:

  • Data Capture: Capture all traffic, 24×7, on even the fastest links
  • Network Recording: Store all packets for post-incident, or forensic analysis
  • Search and Inspection: Enable administrators to comb through archived traffic for anomalies and signs of problems
  • Reporting: Through data capture and analysis, results of investigations are logged and network vulnerabilities are reviewed and analyzed post-mortem.

Perhaps most importantly, forensics solutions capture data 24/7 and automatically analyze all data collected in real time, which means all the data you need for analysis is available at a moment’s notice. Whether the problem with your mission-critical app is across the room or across the world, forensics gives you immediate access to the most detailed analytics available to get to the root cause of an issue.”

Jay Botelho
Director of Product Management
WildPackets

 

“Bring in a third-party IT professional that specializes in incident response and gap analysis. The data breach happened on your current IT provider’s watch, so they have a vested interest in keeping your business, and may not tell you the whole truth. By bringing in an unbiased, third-party specialist, you can discover exactly what has been accessed and compromised, identify what vulnerabilities caused the data breach, and remediate so the issue doesn’t happen again in the future.”

Stephen Ward
Vice President of East Coast USA
Pinkerton

 

“Research your state’s law on whom to notify in case of a breach (sometimes the data subjects, sometimes a government agency), see whether your breach fits the type covered by the law; then check the 4-5 federal laws requiring notification in the event of CERTAIN breaches.”

Robert Ellis Smith
Leading expert on the right to privacy in the U.S.
Publisher of Privacy Journal

 

“Change your password. Immediately, change your password on the affected site/service. If the hack encompasses numerous sites, be sure to change all of those passwords. This process becomes a lot easier if you are using effective password management.”

Darren Guccione
CEO and Co-Founder
Keeper Security

These are just a few tips from professionals on the steps to take after your company has been affected by a data breach. We would love to hear from you – What steps of action would you recommend to an organization that has just been hit by a breach?

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Comments

  1. Ace says

    April 7, 2016 at 6:34 am

    Hi!
    Thanks for the great recommendations!
    Hope they’ll help to prevent business data breach issues.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Secure360 Conference
    Secure360 Conference: With so much fun had this year, we're eager for next year! Mark your calendars for May 9-10, 2023 back at Mystic La… https://t.co/Cbk0abnNSO
    about 22 hours ago

  2. Secure360 Conference
    Secure360 Conference: With #Sec360 2022 officially in the books, we wanted to share a little recap of the fun! https://t.co/iMPwAp1Kac … https://t.co/kk7xRUXoRo
    about 3 days ago

  3. Fusion Learning Partners
    Fusion Learning Partners: Congratulations @UMSAOrg on a successful 2022 #Secure360 event! We are honored to be part of your conference team &… https://t.co/RbT7IEG49G
    about 3 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2022 Secure360. All rights reserved.