Secure360

After the data breach: Experts weigh in on the next steps

September 16, 2015 by Secure360 and UMSA

[Image: sticky note reads "ask the experts". Copyright: 123rf/Vitaliy Vodolazskyy]

The majority of companies today are aware that they need to establish and practice good data security measures. Even with strong systems in place, however, almost every organization is susceptible to some form of data breach. Digital Guardian recently published a great article with 30 experts’ tips. Here are some highlights from 5 of our favorites in that post:

What are the most important “next steps” companies should take following a data breach?

“COMMUNICATION: both internal (inform employees and involve everyone able to help, i.e. tech specialist, client service managers, PR & communication team, etc.) and external (direct mailing to the clients, official media release – and, if necessary, also interview to the profile press).

  1. Be open and sincere. Admit if the fault was on the company’s side and accept responsibility.
  2. Provide details. Explain why the situation took place.
  3. Make conclusions out of the disaster and describe solutions for affected users. If possible, prepare a special offer for the affected audience.
  4. Explain how to prevent similar issues in the future.
  5. Invite to dialogue. Involve your clients, industry experts, analysts, media people and general public to the broader discussion about the source of the problem. 

Usually, such an approach will allow you not only to minimize the negative impact of an IT security accident, but (when implemented correctly) will show your company as a reliable and transparent partner, which is able to operate correctly even during a crisis situation.”

Oleksandr Maidaniuk
Head of Quality Assurance Solutions
Ciklum Interactive Solutions

 

“To understand the root of the issue. Engineers can use forensics to analyze traffic and instantly determine the root cause of an event, entirely removing guesswork and problem reproduction from the equation. Effective forensics provide these four key capabilities:

  • Data Capture: Capture all traffic, 24×7, on even the fastest links
  • Network Recording: Store all packets for post-incident, or forensic analysis
  • Search and Inspection: Enable administrators to comb through archived traffic for anomalies and signs of problems
  • Reporting: Through data capture and analysis, results of investigations are logged and network vulnerabilities are reviewed and analyzed post-mortem.

Perhaps most importantly, forensics solutions capture data 24/7 and automatically analyze all data collected in real time, which means all the data you need for analysis is available at a moment’s notice. Whether the problem with your mission-critical app is across the room or across the world, forensics gives you immediate access to the most detailed analytics available to get to the root cause of an issue.”

Jay Botelho
Director of Product Management
WildPackets

 

“Bring in a third-party IT professional that specializes in incident response and gap analysis. The data breach happened on your current IT provider’s watch, so they have a vested interest in keeping your business, and may not tell you the whole truth. By bringing in an unbiased, third-party specialist, you can discover exactly what has been accessed and compromised, identify what vulnerabilities caused the data breach, and remediate so the issue doesn’t happen again in the future.”

Stephen Ward
Vice President of East Coast USA
Pinkerton

 

“Research your state’s law on whom to notify in case of a breach (sometimes the data subjects, sometimes a government agency), see whether your breach fits the type covered by the law; then check the 4-5 federal laws requiring notification in the event of CERTAIN breaches.”

Robert Ellis Smith
Leading expert on the right to privacy in the U.S.
Publisher of Privacy Journal

 

“Change your password. Immediately, change your password on the affected site/service. If the hack encompasses numerous sites, be sure to change all of those passwords. This process becomes a lot easier if you are using effective password management.”

Darren Guccione
CEO and Co-Founder
Keeper Security

These are just a few tips from professionals on the steps to take after your company has been affected by a data breach. We would love to hear from you: what steps would you recommend to an organization that has just been hit by a breach?

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Comments

  1. Ace says

    April 7, 2016 at 6:34 am

    Hi!
    Thanks for the great recommendations!
    Hope they’ll help to prevent business data breach issues.
