Even with all the best business practices and ways to prevent a security breach, information security breaches have become increasingly common, as well as deadlier and more sophisticated.
This is why choosing the right IT partner is crucial, not only for helping you prevent a security breach but also for managing mitigation once a breach happens.
So, how does one recover from a security breach? A strong breach management plan is one of the most important procedures you should have.
An efficient breach management plan should have these four essential elements:
1. Containment and Recovery
Once an information security breach happens, the initial response should be strong and swift, and must involve almost all departments in the operation, such as IT, HR, PR, and legal.
While it is necessary to investigate the breach immediately, it is also important that when a breach is identified, it is contained right away to limit the extent of the damage.
This element of the breach management plan should clearly indicate who takes the lead on the investigation, the proper notification system, who gets informed first, and what their roles are in the containment strategy.
Recovering losses and restoring lost or damaged data are part of this stage, as is alerting staff to recognize the misuse of stolen data.
Legal actions, such as customer and police notifications, should also be taken immediately if needed.
2. Risk Assessment
Before you devise steps for mitigation, assessing risks is necessary to help you identify the extent of potential damage to your property and infrastructure, and the consequences for individual employees and the business (and customers) as a whole.
Part of risk assessment is estimating the likelihood that such breaches might happen.
3. Breach Notifications
How you inform the public and your shareholders that a security breach occurred is a big part of your breach management plan, and it has a direct effect on how likely you are to regain lost trust.
A simple notification isn't enough: it should have a clear purpose, provide advice, and deal with the expected complaints and questions. The plan should also cover who you need to notify, what to tell them, and how you're going to communicate the breach.
There are some laws that require you to notify governing agencies about breaches too.
Third parties such as the police, insurance company, bank or credit companies who can help in reducing financial loss, trade unions, and professional bodies should be included as well.
4. Evaluation of Response
Once a breach has been investigated and mitigated, its source has been identified, and loss has been recovered, evaluating your team’s response to the breach is also necessary.
If the breach happened because of systemic problems, merely containing the breach isn’t acceptable. An overhaul or revamp may be necessary.
If the response was met with challenges due to inadequate policies or unclear lines of responsibility, then it is important to review and update policies.
Improvements should be made after every breach, as it is always a learning curve for everyone.
5. Partner with the Right IT Company
Security is critical in information technology. It is wise to partner with an expert IT company that can provide you with the right elements of security to help ensure breaches don't happen.
AIM Corporate Solutions, Inc. (ACSI) is one of the reputable information security companies in the Philippines. We are known to perform business and infrastructure risk management projects for companies, allowing them to be compliance-ready when it comes to information security.
Just this year, one of the biggest power generating companies in the country commissioned us to do a comprehensive business and infrastructure risk management project, starting from a top to bottom assessment of all affected areas including assessment of its servers, SCADA infrastructures, Programmable Logic Controller (PLC) infrastructures, network infrastructure, access to information, data process procedures, physical sites and non-IT related procedures like disposal, risk management, HR programs, communication process, contingency procedures, and Information Security Management Systems (ISMS). This paved the way for the company on the roadmap to their ISO certification by 2016.
This also led the company to work with them on the development of an ISO-based Information Security Management System (ISMS), which will provide a hard guide on the Policies and Procedures that will be followed by the company in terms of information handling and access.
AIM Corporate Solutions, Inc. (ACSI) also provided the ISMS training to their staff to ensure proper literacy and compliance.
By the end of 2015, the company had also commissioned AIM Corporate Solutions, Inc. (ACSI) to provide solutions to address their patching requirements and data loss protection requirements, which were among the items for remediation in the risk assessment activities.