A data breach can strike at any time, and when it does, it can feel like your world is falling apart. The chaos and raw emotions that come with a breach can be overwhelming, but having a plan in place and sticking to it will make all the difference.
We’ll go through the timeline of a data breach, highlighting what to expect and what you should be doing in each phase, so you won’t be completely lost when it happens under your watch for the first time.
Day One: The First Panic
- Immediately isolate the affected systems to contain the breach then assess the extent of the breach and identify the type of data that was compromised.
- Don’t. Touch. Anything. Else. This is the most important rule of thumb when responding to a data breach. If you start changing things, you could destroy valuable evidence. Let the experts handle the investigation.
- Locate your Incident Response Plan: You should already have this in place. If you don’t have an incident response plan in place, now is the time to create one. Having a plan will help you stay focused and organized during the chaos, but please for everyone’s sake make sure there’s at least a few hard copies stored safely offline and offsite.
- Assemble the Super Friends: You’ll need a team of experts to help you respond to a data breach. This might include forensics experts, incident responders, legal experts, public relations specialists, your cyber insurance representative and more.
- Bring in your very own Mr. Wolf: No, not the character from the movie! This refers to bringing in a trusted third-party consultant to help you with the breach. Just like in the movie, you want someone who knows what they’re doing and can get the job done.
- Create your groupings: You’ll need an Executive Group to call the shots and make the decisions, plus a Project Group to implement them.
- Start your Impact Assessment: You need to know what is affected and how severely, what areas of your business can continue BAU and what has been torpedoed.
Day Two: Setting Expectations – just because you called in the cavalry on day one doesn’t mean they will have all arrived, this is the day to start implementing your incident response plan.
- Contact Law Enforcement and Regulatory Agencies, if necessary.
- The Timeline: Establish a timeline for the breach, including when it started, when it was discovered, and what actions have been taken so far.
- Still continue not touching anything. Touching things can destroy evidence and make the breach even harder to fix. Gathering evidence can be challenging in the chaos but it’s important to do what you can.
- Learn to Communicate All Over Again: With so many different stakeholders involved in a breach, communication can break down quickly. Make sure you have a clear and concise way to communicate with everyone involved.
- Lawyers in Every Meeting: This is where having a good Cyber lawyer can really come in handy. They’ll help you navigate the legal implications of the breach and ensure you’re protected.
- What to say to the world? You’ll need to communicate the breach to your stakeholders, customers, and the public. Make sure you have a clear and concise message and stick to it. Your Lawyers will help you with this, but you may need some good PR professionals to help achieve the right result.
Day Three: Getting a Plan
- Don’t forget the computers (it’s not just the data center): A data breach can impact more than just your data center. Make sure you’re thinking about all the computers and systems that could be affected.
- Blame Game: It’s natural to want to get back online as soon as possible and it’s frustrating when faced with the real timeline. But resist the urge to point fingers. Focus on addressing the challenges one at a time and restoring your systems. You might learn that your cyber insurance policy expired or that your backups didn’t backup; move on, it’s too late to kill the messenger.
- The Grown Men Crying Part: This is where the stress and pressure really start to hit. Remember to take breaks, stay focused, and stay positive. You’ve got this. And if all else fails, grab a drink (or six).
- Credit Lines and Cash Flow: Breaches can be expensive, especially if you need to bring in outside help. Make sure you have a plan in place to manage your cash flow and keep your business running.
Day Four: Negotiations and Moving Forward
- Negotiations: Depending on the extent of the breach, you may need to negotiate with your insurance provider, your customers, and even law enforcement. Bring in the representatives from your cyber insurance policy, they’re your superheroes in these situations!
- Bad Actors are Actively Trying to Stop You: Unfortunately, it’s likely that the bad actors who caused the damage will try to prevent you from fixing the breach and restoring your systems. Stay vigilant and bring in the right experts to help.
Thanks for stepping into a day in the life of Mavenspire. Ransomware attacks suck, they’re extremely stressful and have catastrophic effects on business. If reading this has made you seek a spa to try and calm down, don’t panic, just call us and we’ll help get you on the right road.