How to Respond to a Data Breach

While you are taking precautions to protect client data, it is still necessary to have a plan in place in the event of a data breach. This is an area where it pays to be proactive—every second counts in a data breach event, so if you have a plan in place ahead of time, you’ll be able to secure your data and systems much faster. Creating a plan in advance helps to better protect all parties involved and will lead to a faster resolution and greater control over the breach.

Your data breach response plan should be part of your overall data security plan and should include the following elements:

– Defining a breach – what types of incidents will activate your plan
– Identify your response team – a list of individuals who will execute your response plan when a breach occurs
– Step-by-step action plan – instructions for your response team on what to do in the event of a breach
– Debrief session – host a retrospective session with team members to identify improvements and adjust the plan

Start developing your action plan with these three basic steps your response team members can take immediately upon activating your data breach response plan:

1. Secure your operations
2. Fix vulnerabilities
3. Notify appropriate parties

Secure Your Operations
Mobilize a team quickly to prevent additional data loss. Take any affected equipment offline immediately and closely monitor all entry & exit points (both physical & cyber). Update all credentials right away.

Fix Vulnerabilities
Figure out where the breach came from, and plug those holes in your security net asap. Then review other areas where you may be vulnerable to a breach and make those areas more secure as well.

Notify Appropriate Parties
Depending on your business and the specific situation, you may be required to report the breach to law enforcement, government agencies, affected businesses and individuals, and/or other entities. Understand your legal requirements ahead of time to avoid confusion in the event of a breach.

A note on Cyber Liability Insurance
If data stored on your firm’s computer is stolen or compromised, you may be liable for damages to third parties whose data has been stolen. You may also incur additional expenses if your state requires you to inform those affected by a data breach. Purchasing cyber liability insurance can reduce the financial losses incurred as a result from data breaches and other cybercrimes.

We recommend all firms check with their legal representative to review current liability coverages as they pertain to your business.

Preparation is key. By preparing for the worst and developing a data breach response plan, you can respond appropriately and mitigate the risk to your business in the event of a cyber incident. For more detailed guidance, use the FTC Data Breach Response: A Guide for Business.

**Disclaimer: This article is not inclusive of all actions a firm must take and does not constitute nor replace legal advice. We highly recommend all firms get legal and professional advice on their liability as a result of a data breach.