Australia’s Data Breach Notification Laws Part 3: Developing a Data Breach Response Plan

Now that you're aware of what the data breach laws mean and how to protect your business, it's time to focus on arguably the most important cybersecurity task: developing a data breach response plan for when that terrible day finally arrives.

Why a Data Breach Response Plan is Important for Your Business

The fact of the matter is that in today's digital climate, becoming the target of a cyber attacker is no longer a question of ‘if’ but ‘when’. According to one recent study, total global cyber crime damage is expected to hit an amazing $6 trillion per year by as soon as 2021 -  a figure that literally represents the largest transfer of economic wealth in the history of the world. Cyber crime is literally more profitable than all illegal drug trades around the world combined, so it makes perfect sense that the number of attacks is only going to increase as time goes on.

With this data in mind, you and everyone else is bound tobecome a cybersecurity target at some point. This is an irrefutable fact that you cannot avoid and therefore must prepare for.

Developing the right data breach response plan for your business is the key to making sure that your doors stays open and that you can keep moving forward.

How to Develop a Data Breach Response Plan

Any quality data breach response plan can essentially be broken down into two smaller parts — a section on what should be done to pre-empt a breach and what contingencies should be done during and after an incident happens or has been detected.

To speak to the former category, any data breach response plan that you develop must clearly define and communicate a number of core factors:

• The roles and responsibilities of all parties involved. Never forget that a data breach is truly an all-hands-on-deck situation. Everyone will need to know exactly what role they need to play and what tasks they will be responsible for before an event starts to save time while the incident is still going on.

• Internal detection, reporting, and evaluating guidelines. Simply put, what steps do you have in place now to detect suspicious activity as quickly as possible? What specific types of security threats is your organisation most vulnerable to and what can you do today to prevent unauthorised access to your systems? The answers to these questions absolutely need to be built into your response plan by design.

• Information about the containment and elimination of the breach.Once an event has been detected and is officially ‘ongoing’, what do you need to do to put a stop to it as fast as you can? How can you gather as much information as possible to determine how the event occurred so you can address that vulnerability and make sure it doesn't happen again? This should be another key part of your plan.

• Information about taking action and moving forward to restore normal operations. Part of the response plan and will outline exactly how normal operations can and must be restored. This is another area where identifying key roles and responsibilities will come in handy, as everyone will have a unique role to play during this time to help get you back up and running again as soon as possible.

Even though some of these elements describe steps that you will take during and after a breach, you still need to have these plans in place before the event occurs. Doing so will eliminate the guesswork from the equation, save valuable time in a situation where every second counts, and guarantee the fastest and most holistic response possible.

Building The Next Step Into Your Plan

As stated, another key part of your plan will involve knowing precisely which actions to take as an organisation and as individuals while the attack is going on. This will include a detailed analysis of factors like the following:

• Who are the appropriate personnel to reach out to and how can you alert them as quickly as possible?

• Are any steps required to physically secure the premises depending on exactly what type of breach you're dealing with?

• What do you need to do to prevent a further breach or additional data loss?

During this time, you will also need to begin a comprehensive investigation and may even want to go as far as enlisting the help of an external forensics team depending on the situation. You will want to interview all people directly involved in the cyber attack, assess the risks, and document everything — all in an effort to compile as much usable data as you can. This will tell you what happened, why it happened, and what you can do to make sure that it doesn't happen again.

Other Elements Your Response Plan Must Include:

Again, the specifics of your data breach response plan are going to change based on the type of business you're running and the unique situation you face. That said, these are all great starting points for you to use to build the best response plan that meets your needs before you actually need to use it.

To get a better idea of what your actual data breach response plan will look like when it is formalised and completed, view the following template that was created by the Federal Trade Commission. Yes, this is all going to change once your unique business is accounted for, but it's nothing if not an excellent place to begin.

As an additional resource, use this data breach cost calculator from the experts at IBM Security to help better understand exactly how your organisation will be affected (including monetary damage) from the various types of data breaches that you may one day face. 

Powernet: Let's Take the Next Step in Securing Your Business IT Together

At Powernet, we believe that cybersecurity is one of the most important topics of our age — not only in terms of protecting the organisation you've worked so hard to build, but also for making sure that all private and confidential information stays secure for as long as possible.

With that in mind, we encourage you check out the final part in this four part series of articles on the next step for your business. 

If you have any additional important questions that you'd like to see answered or concerns that need to be addressed, contact Powernet today.