Being hit with a data breach is difficult to cope with. Organizations should have a defined set of procedures to follow in case they experience a data breach. Surprisingly, we have not seen any organization have that as a ready reckoner. The human mind always expects bad things to happen only to someone else. So, here is a list of pitfalls to avoid if your organization is the victim of a data breach.
1. Specialists do their job better than generalists who are trying to do it for the first time – that too while under tremendous stress. Consider using the services of an external incidence response team.
2. The laws and regulations that govern the various sectors is an ever growing list. The in-house legal team may not have knowledge in all related areas. External legal advisors who have experience in breach handling may be sought.
3. Lack of clear communication or incorrect communication leads to customers and other stake holders feeling further let down by the organization. This is especially true for card related breaches – customers who are affected need to be given clear assurance that the organization is doing everything it possibly can.
4. The media handling of the situation is critical and it should be done keeping in mind that improper handling of the media can cause irrevokable damage to the brand that the organization may have built over a number of years. Documented and tested plans for a breach should exist.
5. Breach notification timelines should be adhered to. Once an organization suspects a breach, it should expediate steps to obtain confirmation and once confirmation has been obtained, the organization should notify the breach. Breach notification should not be put off until a more convenient/ comfortable date. Notification should not be pushed back on account of, say, Christmas shopping during the Christmas season.
6. There should be plans in place that address how to engage with customers and other audiences once the breach is resolved, as well as the establishment of additional measures to prevent future incidents.
7. Keep the customer in mind. Provide some sort of relief to your customers eg. year long credit score monitoring,