12 questions to assess your data breach response capability
A new Data Breach Response Guide from Experian, which offers breach recovery services, walks through a myriad of processes for putting together an enterprisewide plan to prepare for and respond to a breach, and then put the plan into motion when an incident occurs.Areas covered include communicating to the C-Suite, creating a plan, practicing the plan, responding to a breach, auditing the plan, and a quiz with core questions to assess present preparedness. “If you answer NO more than once or twice, you and your team should immediately address the gaps to get fully prepared,” according to Experian.
A new Data Breach Response Guide from Experian, which offers breach recovery services, walks through a myriad of processes for putting together an enterprisewide plan to prepare for and respond to a breach, and then put the plan into motion when an incident occurs.
Areas covered include communicating to the C-Suite, creating a plan, practicing the plan, responding to a breach, auditing the plan, and a quiz with core questions to assess present preparedness. “If you answer NO more than once or twice, you and your team should immediately address the gaps to get fully prepared,” according to Experian.
Response Planning
Do you have an internal response team assembled? If you have a preparedness plan in place, have you updated, audited and tested your plan in the last 12 months?
Key Partners
Have you identified third-party vendors and signed contracts to engage in the case of a breach? Do you have a relationship with relevant state attorneys general to contact in the case of a breach and ensure you are following state guidelines?
Notification & Protection
Have you identified what your breach notification process would look like and have the proper contact lists for employees and patients in place to activate quickly? Have you evaluated identity theft protection services to offer to affected parties if you experience a data breach?
Security Planning
Have you taken inventory of the types of information you store that could be exposed during a data breach? Do you have the technologies and processes in place to conduct a thorough forensic investigation into a cyber security incident?
Communications
Have you developed a communications incident response plan including drafts of key media materials that will be useful during an incident (e.g., statements and Q&A)? Have you media-trained your spokespeople and executives specifically on security matters?
Training and Awareness
Have you conducted a data breach crisis table top exercise or simulation to test how effectively your company would manage a major incident in the last 12 months? Have you conducted employee training to apply security best practices in the last 12 months?
Learn More
The Experian breach response guide is available here.