Secure360

Responding to a data breach

November 29, 2018 by Secure360 and UMSA


It seems as though every spy thriller made since Ian Fleming romanticized the Cold War has been about nefarious persons stealing data or hacking into extremely important computer networks to carry out their dastardly deeds. It’s no wonder, either, as cybersecurity has become one of the top security concerns (pun intended) virtually around the globe as multibillion-dollar corporations, organizations and even governments fall prey to malignant hackers. The United States government has even dedicated a whole month to the preaching and practice of cybersecurity awareness.

Data breaches and cyber-attacks are more commonplace than ever before, and they aren’t always reported to the public. Even worse, oftentimes they are reported, but years after the fact. Take the data breach that crippled Google+, a bug that affected “an API that was accessed by hundreds of developers… active between 2015 and 2018.” As a result of this breach, Google exposed the personal information of “hundreds of thousands of users of its Google+ social network.” Though sensitive details such as name and email address were exposed, Google maintains that the bug was entirely internal and that there was no evidence to suggest any malignant actor intervention… which is also the reason why we’re only hearing about this for the first time now, in 2018.

As much as we fancy ourselves a fortress of cybersecurity and network fortitude, data breaches happen. Companies and their reputations can be made or broken by how they respond to these data breaches. Keep reading for our guide on how to do it right.

Have a plan for responding to a data breach.

Data breaches can happen to any organization, of any size, in any industry. When it comes to protecting your network and data, be a pessimist. Believe in Murphy’s Law. Have a plan for when the worst (inevitably) happens! Business continuity and disaster recovery isn’t just a component of the IT-verse; there are enough protocols and best practices here to constitute its own independent cog in the infosec machine. Whether you create yours with internal staff or outsource to other firms, see that you start the new year with a foolproof plan for what to do when things go wrong.

Determine the damage.

However you have been made aware of a suspected cyberattack or data breach, the first thing to do is conduct a security audit to determine the damage. Get to know your data breach: what happened and why. What inconsistency or bug in your programming led to this breach, and where did it occur? These are questions that need to be answered in order to fully assess the extent of the damage caused by your data breach. Getting an audit from a certified security firm is the most thorough way to do this.

Be transparent.

It’s the oldest phrase in the book: it isn’t the crime, it’s the cover up. No matter the scale of your data breach, be sure to tell all those who are even slightly affected by it: your employees, your members, your shareholders and everyone in between. Be transparent with them about what happened and your findings from your security audit. Tell them what you are doing to remedy the situation, any action steps they themselves can take to further help, and the safeguards you are putting in place to ensure that it never happens again.

Learn and move on.

Maintain a relationship with your security firm. In fact, keep them on standby. Consider conducting a threat hunt or bringing in a hunt team to do so, to seek out additional internal and external threats to your organization’s data. Use the new insights that came from this data breach, along with your shiny new disaster plan, and move forward with increased experience and integrity.

When it comes to keeping your data safe, data breaches are unavoidable threats that can (and will) happen once or twice. However, with the proper response, they don’t have to mean the end of your organization.

Interested in more quick, helpful guides like this one? Take a look at the Secure360 blog!

Filed Under: News and Events, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.
