Tips for handling your first security breach
When it comes to data breaches, the risk for organizations is higher than ever before – from the calculable costs of leaked data to the less tangible effects on the companies’ brands and customer loyalty. Therefore, with targeted security breaches on the rise, defining an action plan is critical for every security practitioner.
Getting breached does not determine whether you have a good security program in place; how you respond to the breach does. Before you begin to stress out about how to keep your head (and your job) intact when the worst-case scenario happens, here are the top five tips for handling an organization’s first security breach.
Expect to have quality time with executives
Prepare yourself for some quality time with the executive team. During a security breach, you will find yourself interacting with an entire group of people who previously were merely names on your corporate organization chart. The executive management team will expect you to make confident decisions quickly. This will often drive you crazy because you are an engineer and, as you know, the unknowns always outweigh the knowns. You will be asked to make decisive, quick assessments based on the information and data that you have collected, so be prepared to be held accountable for them afterwards.
Make sure you establish and record a timeline of events
Create a complete and detailed timeline of events because your responsibility is to determine “how” this happened. A comprehensive list of everything that happened within your network is crucial information that your management team needs from you. This is not an interpretation of “why” this happened. Additionally, know that this collected data will be essential for legal, PR and the board members, and will be the primary deliverable that the rest of the workflow is derived from.
Set clear expectations and don’t succumb to the endless requests for updates
Do not succumb to the endless requests for hourly updates because it can impact the organization’s productivity. Although you should expect to receive constant status update requests, you should not update too often because it can negatively affect your work. Make sure that the analysts are given enough space to conduct their actual analysis. You might insist that hourly status calls occur, but understand that a 15-minute phone call every hour can interrupt you and rob you of 25 percent of your productivity in conducting actual forensics work. Do not be afraid to push back and give yourself time to gather and report accurate information. After all, your responsibility is to enable informed executive decisions at this point.
Keep calm
Stay calm and do not panic. During a security breach, things are going to get a little crazy. During a time of crisis, do not worry about offending others by not being nice to them; rather, be more concerned about not adding to the insanity. Be prepared to make some decisions that may be above your typical job responsibilities. Inevitably, you will be required to task others whom you normally do not have authority over, on the understanding that you will answer for it later on if needed. As long as you make this clear, any reasonable person will support you on this.
Do not hesitate to ask for advice and support
Do not be reluctant to ask for help or support. It’s okay. As the long hours and sleepless nights add up, just know that there is an end. Eventually you will have discovered all there is to discover, the executive team will have collected all of the data that is required to do their job, and life will return to normal once again. If public disclosure of your security breach is required, know that it is a double-edged sword. For example, you may experience great catharsis in knowing that the truth is out in public, but you must realize that the PR-spin engine will be operating at full speed, and so you will be under a mountain of non-disclosure. Also, know that if you work for a large organization, they often have employee counselors readily available to discuss legal matters. Take advantage of these employee counselors because you shouldn’t underestimate the value of having someone you can obtain advice from.
In this day and age, it is an accepted truth that it is just a matter of time before your organization is breached – what is important is how you handle it. Remember to breathe and to manage your stress accordingly and know that you will come out of this situation with an experience that you cannot learn in any lab or any simulated exercise.