Information security has continued to play prominently in the news as this series has evolved. Just today AT&T announced a data breach. Jimmy John’s, also added to the list in the past month, is still recovering. JP Morgan’s breach last week affected an estimated 76 million households. 76 million! That’s nearly a quarter of the US population!
Part Four: After A Breach
In Part One of this series, I laid out data breach statistics that were at best startling, and at worst downright terrifying. Thankfully, a large percentage of the data breaches discussed were preventable, and there are lots of lessons to be learned from them that can help you protect your organization.
In Part Two, I discussed security awareness training basics and the importance of mobile device management. Part Three covered the human element of information security today, specifically your IT policy, internal processes, and all of the IT audits you need to make sure your organization has completed for compliance and security.
Today, in Part Four, we’re going to discuss what to do after a data breach, should one occur, and some of the best practices in terms of preparation. I realize that you may not be directly involved in implementing all of the steps below, but you are partially responsible for what happens after a data breach and for preventing data breaches. Sometimes it’s helpful to know some of the methods in order to be able to better understand and communicate with your technical counterparts. While it’s my hope that you never have to deal with a data breach, I do hope this series is acting as a conversation starter between IT and compliance, so you can work closely together to keep your company secure from cyber threats. As I quoted in Part One,
The Crisis Response Team
Imagine that you got a call right now: your systems have been breached. Sensitive customer data has been leaked. How well prepared are you to respond?
Hopefully this isn’t the situation you’re in. If you haven’t been in this situation yet, then take the following steps immediately – don’t wait until it’s too late! (That said, if you’ve already been breached, you can still take these steps, but you’ll be on a very accelerated timeline.)
1. Form an IT crisis team
The IT Crisis Team should consist of both compliance and IT professionals who can respond to both aspects of an attack – not just the technical security, but the compliance concerns arising from it as well. These individuals would ideally have an interest in the topic and stay up to date on data security news, best practices, research and regulations. They should meet regularly, perhaps quarterly, to share information, particularly around best practices and regulation, since this is such a rapidly evolving space.
2. Develop a response plan
The response plan should read like a step-by-step guide to what to do after a data breach, and it should assign responsibility for each step. Experian puts out a fantastic guide that walks you through every step your response plan should include, the legal landscape surrounding data breaches, and a preparedness plan audit.
Preparing For A “Lost Site”
What happens if one of your key server locations is down?
Servers can go down for any variety of reasons, from extended power outages due to natural disasters to security breaches. That’s right – if your servers are breached, you may not be able to rule out the continued presence of an intruder, which would require you to take all breached servers offline.
You can see how this presents a business dilemma – taking down your servers clearly has a negative business impact, yet leaving compromised servers live presents an even bigger security risk. So what do you do?
3 Security Measures Against Natural Disasters And Lost Sites
1. Develop a business resumption plan
A business resumption plan details all the steps that need to be taken to resume business as normal while the crisis team deals with the legal and security issues. This plan might involve switching to a backup data center, mirror servers, or, in the case of a natural disaster, moving to your hot or cold site.
2. Determine whether your business needs a cold, warm or hot site
Definitions of hot site and cold site vary. For some businesses, a hot site is a facility that they either own or have an agreement with that allows them to move in should their original facility be compromised for whatever reason.
For example, a business based in Athens, GA has a hot site in Florida. If the Athens facility goes down for whatever reason, the systems engineers can set up shop in Florida and work from there as long as necessary to restore operations at the main campus.
A more technical definition includes a mirror of your entire data center infrastructure, including all the servers, power, and cooling that your regular data center operation would have. These servers are mirrored (explained in step 3), so that you can resume business immediately without interruption. As you can imagine, this is extremely expensive, so while the security is worth it to a large enterprise, it’s likely not feasible for a smaller operation.
A cold site provides only the space, power and cooling required, without the actual server infrastructure. This is much cheaper to maintain, but requires significant labor to get running, and doesn’t help if your servers are damaged or infiltrated. A warm site sits between the two, configurable to the level of security and backup you require.
3. Implement mirror servers at backup data centers
Mirrored servers are your best shot at resuming business quickly and safely after a data breach. It’s estimated that every minute of downtime costs a business approximately $5,600.
A mirrored server is a separate server, kept up to date remotely and independent of your main servers. This means that you can take your main servers entirely offline (whether by accident, natural disaster, or due to a data breach) with very little business interruption. Again, this is expensive, but there are virtual options and a variety of backup solutions to meet any budget.
I didn’t list all the articles I consulted for this post, so reach out to me on LinkedIn if you’d like the full list. Join us next week for the final post in our Information Security Training Master Class series! Has it been helpful? I’d love to know. Reach out to me on LinkedIn or post a comment – I’d love to hear your thoughts!
For More Information About Information Security Training, Check Out These Resources:
- Blog: 4 Cases Where Security Awareness Training Could Have Saved The Day
- Blog: From Russia With Love: ‘Do svidaniya’ Peace Of Mind, Hello Information Security Training
- Blog: Information Security Training Can Even Save Your Grandparents
ON DEMAND WEBINAR | Cybersecurity 2014: The Impact on Global Companies
Download “Cybersecurity 2014: The Impact on Global Companies,” featuring Lisa Sotto, Partner and Chair of the Privacy and Security Practice for Hunton & Williams. Lisa will discuss the state of cybersecurity in 2014. You will learn cybersecurity best practices, the current state of data privacy legislation, and what to do in the event of a data breach.