When to Call for Help After a Data Breach
In spite of best practices, it is likely your organization will experience a serious data breach at some point. Once the initial shock wears off you'll be faced with numerous decisions, the most significant of which is whether to seek help from outside professionals such as attorneys, computer forensics investigators, information security consultants, privacy consultants and law enforcement.
Thu, January 10, 2013
Network World — In spite of best practices, it is likely your organization will experience a serious data breach at some point. Once the initial shock wears off you'll be faced with numerous decisions, the most significant of which is whether to seek help from outside professionals such as attorneys, computer forensics investigators, information security consultants, privacy consultants and law enforcement.
Making informed and expedient decisions about when and who to call for help is critical. Organizations that hesitate can suffer serious or long-term consequences, such as loss of valuable data, permanent damage to their reputation, or fines for regulatory non-compliance. Organizations that jump too quickly may needlessly drive up investigative costs. Finding a happy medium is easier when you have a sense of what situations will require outside help. Here are some guidelines:
* Scope: When a breach is too big or complex for internal staff to handle, it is time to seek outside help. Depending on the nature of the breach, notification to regulatory agencies and consumers may be required and these must be performed within a specified time period. Not all organizations maintain sufficient human resources to quickly and properly handle notification and perform damage control activities at the same time.
HAPPY NEW YEAR: 12 Security Resolutions for 2013
Bringing in outside consultants provides organizations the much needed resources to continue running the business while investigation and containment activities are being performed. Consider your organization's capability for identifying the breach types that would be too burdensome to handle in-house.
* Crossing boundaries: Not all breaches are neatly contained within an organization. With the increased use of outsourcing and cloud services, investigating a breach often requires the cooperation of multiple companies. While individuals within an organization might get caught up in the blame game, outside consultants are not susceptible to such politics and are able to make more objective assessments.
In order to track perpetrators of a breach, investigators might also need to coordinate with Internet service providers (ISPs), search engines or social network sites. When such information is crucial to the investigation, it is important to involve law enforcement agencies, as these sources will only release data to law enforcement.
* Publicity: In cases of high-profile breaches, having work performed by outside experts lends some needed credibility during a difficult time, thus helping restore a company's reputation even before any damage has occurred. Obtaining outside assistance communicates to shareholders, customers, and the public alike that an organization is serious about resolving a breach.