3 Best Practices for Preparing a Defensible Breach Response Plan
Football teams understand that it’s hard to be a contender without an elite quarterback running their offense. A top-tier quarterback excels at real-time situational awareness, clear communication with key personnel, and making sound decisions that put the team in a position to win.
In a breach situation, the general counsel must serve as the primary signal-caller, ensuring that all of the legal facets of incident response are coordinated across a large and growing set of internal and external stakeholders.
Because the stakes are so high, the general counsel can no longer afford to be passive and react to data incidents and breaches as they happen. Instead, they must be proactively engaged in defining an incident response plan, training the staff to carry out the plan and coordinating the activity during the event. And they need to start now.
1. Assess Your Breach Notification and Reporting Requirements.
Not all incidents are created equal. Reporting requirements can vary significantly according to jurisdiction, industry or size. The standards that regulators are setting to hold organizations to account vary significantly, yet no exceptions are made for an inability to keep pace. Throughout the response timeline, it is crucial that the general counsel be able to manage the flow of information within the organization as well as with external stakeholders. These include the regulators, the technical team dealing with the fallout and restoration of services, the privacy and legal teams, outside counsel, management, shareholder relations, and the board and key investors.
Of course, just because a breach has been mitigated doesn’t mean the general counsel’s job is done. Ensuring the accurate and transparent flow of information is also essential post-breach. A baseline set of communication guidelines for business-critical and urgent communications should be established, including what can be communicated, the sequence of communications and how those communications should be delivered.
2. Build a Rapid Response and Notification Team.
Every minute counts when responding to a data breach, both for mitigating the damage and for ensuring that each stakeholder fully understands its role and responsibilities. An incident response team should be cross-functional, with the roles and responsibilities of each team member clearly defined, and should include stakeholders from the C-suite and the board as well as from legal, operations, HR, PR/communications, engineering and so forth.
A modern response plan must also be defensible. In the event of a breach, for instance, it should be able to demonstrate how an attacker was able to establish and escalate administrative rights, and to determine which jurisdictions are in play and what the decision process is for determining reportability in each of them. It’s also important to remember that it’s not enough to have a plan. Any good plan needs to be regularly tested and refined to ensure that what’s been mapped out on paper also works in a real-life situation.
3. Unify Your Governance, Risk and Compliance Silos.
The data that a team needs to respond effectively typically resides in departmental silos, hampering collaboration and ultimately delaying a timely response. A unified legal governance, risk and compliance (GRC) strategy can help connect the people, processes and technologies needed to ensure compliance, reduce risk and optimize operations to meet the tight timelines required by these regulations. Organizations with a unified legal GRC approach will have greater visibility into their data, will be better able to assess the impact that a breach will have on their organization, and will be able to manage the specific response tasks in a more holistic and efficient manner. Those that do not will be left with siloed approaches that misrepresent their risk exposure and have the potential to fail compliance due to a lack of available information.
Although no amount of careful planning will guarantee that your organization won’t become a victim of a data breach, having a thorough and battle-tested plan in place will serve as a vital roadmap in the event that the unthinkable actually happens.
Download the report here: https://www.exterro.com/resources/the-exterro-quick-guide-to-data-breach-response