SlideShare a Scribd company logo

5 Steps to Manage a Data Breach

SecurityMetrics, profile picture
SecurityMetrics

This document outlines 5 steps to successfully protect an organization's brand image in the event of a data breach: 1. Contain the breach by isolating affected systems, implementing an incident response plan, and preserving evidence. 2. Investigate to fix systems and prevent further damage by following the incident response plan and assembling an incident response team. 3. Consider public communications by determining notification procedures, identifying spokespeople, and crafting audience-specific statements with legal counsel.

Data & Analytics
1 of 1
Download to read offline
Successfully Protecting Your Organization's Brand Image If you suspect a data breach, your goal is clear: stop information from being stolen, and repair your systems so it won’t happen again. The following 5 steps will help you successfully stop information from being stolen, mitigate further damage, and restore franchise operations as quickly as possible. OF BREACHES INVESTIGATED BY SECURITYMETRICS FORENSIC INVESTIGATORS: A BUSINESS TYPICALLY LEARNS THEY’VE BEEN BREACHED IN ONE OF FOUR WAYS: 33%Food Services Retail Trade Hospitality 29% 10% HOTELHOTEL A bank informs you Law enforcement Discovered Internally A customer's complaint DO YOU SUSPECT A DATA BREACH? consulting@securitymetrics.com 801.705.5656 ISOLATE THE AFFECTED SYSTEM(S) TO PREVENT FURTHER DAMAGE. CONTAIN THE BREACH3.3. Implement your IRP Disconnect from the Internet Document the entire incident Disable remote access capability and wireless access points Change access control credentials (usernames and passwords) Segregate all hardware devices in the payment process Quarantine instead of deleting (removing) identified malware Preserve firewall settings, firewall logs, system logs, and security logs Restrict Internet traffic Contact your merchant processing bank Consider hiring a law firm experienced in managing data breaches 2.2.PRESERVE EVIDENCE WHEN YOU OR YOUR FRANCHISEES DISCOVER A BREACH, REMEMBER: Don’t panic Don’t take any hasty actions Don’t wipe and re-install your systems (yet) Do follow your incident response plan START YOUR INCIDENT RESPONSE PLAN1.1. Assemble your Incident Response team immediately Inform franchisees of your IRP Teach franchisees of immediate and long-term actions 4.4.CONSIDER PUBLIC COMMUNICATIONS Determine how and when notifications will be made Know legislated mandatory time frames Identify who is responsible for public statements Seek the guidance of your legal counsel Don't allow employees to announce the breach Craft specific statements that target various audiences INVESTIGATE, FIX YOUR SYSTEMS, AND IMPLEMENT YOUR CYBER INSURANCE PLAN5.5. BRING AFFECTED SYSTEMS BACK ONLINE Ensure all systems have been: Hardened Patched Replaced Tested SET YOUR BREACH PROTECTION SERVICES INTO MOTION Breach protection services can reimburse for: Forensic investigation fees Notification costs Card brand fines REMEMBER, PRACTICE REDUCES PANIC!REMEMBER, PRACTICE REDUCES PANIC! © 2016 SecurityMetrics

More Related Content

PPTX
Website security
RIPPER95
 
PPTX
Tips for Securing Your Workstation
Brian Solomon, MBA
 
PDF
CYBER ATTACK RECOVERY GUIDE
MUHAMMAD HUZAIFA CHAUDHARY
 
PPTX
LTS Secure offers PIM User Activity Monitoring
rver21
 
PDF
What Does a Data Breach Cost?
CBT Nuggets
 
PDF
Ransomware
Manashay raju Yannapu CISM ,AWS AI/ML
 
PPTX
Computer security
Carolyn Brockman
 
PPTX
Priviledged Identity Management
rver21
 
Website security
RIPPER95
 
Tips for Securing Your Workstation
Brian Solomon, MBA
 
CYBER ATTACK RECOVERY GUIDE
MUHAMMAD HUZAIFA CHAUDHARY
 
LTS Secure offers PIM User Activity Monitoring
rver21
 
What Does a Data Breach Cost?
CBT Nuggets
 
Ransomware
Manashay raju Yannapu CISM ,AWS AI/ML
 
Computer security
Carolyn Brockman
 
Priviledged Identity Management
rver21
 

What's hot (18)

PPTX
Computer security b
Carolyn Brockman
 
PDF
Ri cyber-security-for-your-small-business
Meg Weber
 
PPTX
Computer Security B
Carolyn Brockman
 
PPT
Ahearn Security Presentation
johnjamesahearn
 
PPTX
Courion Survey Findings: Access Risk Attitudes
Courion Corporation
 
PDF
Security Operations Strategies
Siemplify
 
PDF
WHY WE FAIL TO DETECT HACKERS ON THE INTERNET
netmonastery
 
DOCX
Information security policy
BalachanderThilakar1
 
PDF
Security Scare - Cybersecurity & What to Do About It!
Craig Rispin
 
PDF
Is Your Data Secure?
CBIZ & MHM Phoenix
 
PPT
29386971 hacking
joeymar143
 
PPSX
BSA/AML Title 31 Software beyond compare!
Stringfellow Consulting Services
 
PPT
DataPreserve- SEVRAR Jan 09
Mike Garland
 
PDF
Ransomware Prevention Guide
Brian Honan
 
PPTX
Phishing: How to get off the hook using Intelligent IAM
Courion Corporation
 
PPTX
10 Steps to Better Security Incident Detection
Tripwire
 
PPTX
Insider Threats: Out of Sight, Out of Mind?
ObserveIT
 
PPTX
Nagios Conference 2014 - Abbas Haider Ali - Proactive Alerting and Intelligen...
Nagios
 
Computer security b
Carolyn Brockman
 
Ri cyber-security-for-your-small-business
Meg Weber
 
Computer Security B
Carolyn Brockman
 
Ahearn Security Presentation
johnjamesahearn
 
Courion Survey Findings: Access Risk Attitudes
Courion Corporation
 
Security Operations Strategies
Siemplify
 
WHY WE FAIL TO DETECT HACKERS ON THE INTERNET
netmonastery
 
Information security policy
BalachanderThilakar1
 
Security Scare - Cybersecurity & What to Do About It!
Craig Rispin
 
Is Your Data Secure?
CBIZ & MHM Phoenix
 
29386971 hacking
joeymar143
 
BSA/AML Title 31 Software beyond compare!
Stringfellow Consulting Services
 
DataPreserve- SEVRAR Jan 09
Mike Garland
 
Ransomware Prevention Guide
Brian Honan
 
Phishing: How to get off the hook using Intelligent IAM
Courion Corporation
 
10 Steps to Better Security Incident Detection
Tripwire
 
Insider Threats: Out of Sight, Out of Mind?
ObserveIT
 
Nagios Conference 2014 - Abbas Haider Ali - Proactive Alerting and Intelligen...
Nagios
 
Ad

Similar to 5 Steps to Manage a Data Breach (20)

PDF
Data Security: A field guide for franchisors
Grant Thornton LLP
 
PDF
Data Breach Response: Before and After the Breach
Financial Poise
 
PPT
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers
 
PPT
FTC Protecting Info A Guide For Business Powerpoint
Bucacci Business Solutions
 
PDF
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
CyberPro Magazine
 
PDF
ISACA Los Angeles 2010 Compliance - Ulf Mattsson
Ulf Mattsson
 
PPT
George Gavras 2010 Fowler Seminar
Don Grauel
 
PDF
Measure To Avoid Cyber Attacks
Skillmine Technology Consulting
 
PDF
Measures to Avoid Cyber-attacks
Skillmine Technology Consulting
 
PPT
Tips to Protect Your Organization from Data Breaches and Identity Theft
Case IQ
 
PPTX
Certified Banking TPM - Module 3 powerpoint presentation
trevor501353
 
PPTX
CyberCare Pro - Cybersecurity for SME's updated.pptx
margueritemcleod1
 
PDF
Ways to Safeguard Your Business from a Data Breach
The Inc Magazine
 
PDF
Cybersecurity a short business guide
larry1401
 
PDF
Data Breach Response: A Guide for Business
- Mark - Fullbright
 
PDF
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Turner and Associates, Inc.
 
PPTX
I’ve Been Hacked  The Essential Steps to Take Next
Brian Pichman
 
PPSX
November 2017: Part 6
seadeloitte
 
PPTX
Cyber security threats and its solutions
maryrowling
 
PDF
Treat a Breach Like a Customer, Not a Compliance Issue
Resilient Systems
 
Data Security: A field guide for franchisors
Grant Thornton LLP
 
Data Breach Response: Before and After the Breach
Financial Poise
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers
 
FTC Protecting Info A Guide For Business Powerpoint
Bucacci Business Solutions
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
CyberPro Magazine
 
ISACA Los Angeles 2010 Compliance - Ulf Mattsson
Ulf Mattsson
 
George Gavras 2010 Fowler Seminar
Don Grauel
 
Measure To Avoid Cyber Attacks
Skillmine Technology Consulting
 
Measures to Avoid Cyber-attacks
Skillmine Technology Consulting
 
Tips to Protect Your Organization from Data Breaches and Identity Theft
Case IQ
 
Certified Banking TPM - Module 3 powerpoint presentation
trevor501353
 
CyberCare Pro - Cybersecurity for SME's updated.pptx
margueritemcleod1
 
Ways to Safeguard Your Business from a Data Breach
The Inc Magazine
 
Cybersecurity a short business guide
larry1401
 
Data Breach Response: A Guide for Business
- Mark - Fullbright
 
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Turner and Associates, Inc.
 
I’ve Been Hacked  The Essential Steps to Take Next
Brian Pichman
 
November 2017: Part 6
seadeloitte
 
Cyber security threats and its solutions
maryrowling
 
Treat a Breach Like a Customer, Not a Compliance Issue
Resilient Systems
 
Ad

More from SecurityMetrics (20)

PPTX
Hipaa Reality Check
SecurityMetrics
 
PPTX
Understanding the New PCI DSS Scoping Supplement
SecurityMetrics
 
PDF
How to Effectively Manage a Data Breach
SecurityMetrics
 
PDF
How to Secure Your Medical Devices
SecurityMetrics
 
PDF
How to Prepare for a PCI DSS Audit
SecurityMetrics
 
PDF
Medical Data Encryption 101
SecurityMetrics
 
PDF
Securing Your Remote Access Desktop Connection
SecurityMetrics
 
PDF
Window of Compromise
SecurityMetrics
 
PDF
HIPAA PHI Protection: Where is Your PHI Stored?
SecurityMetrics
 
PDF
The 5 Step HIPAA Risk Analysis
SecurityMetrics
 
PDF
5 Documents to Prepare for a HIPAA Audit
SecurityMetrics
 
PDF
Don't Let Phishing Emails Hook Your Empolyees
SecurityMetrics
 
PDF
What's Causing You to Store Unencrypted Payment Cards?
SecurityMetrics
 
PPTX
Auditing Archives: The Case of the File Sharing Franchisee
SecurityMetrics
 
PPTX
Auditing Archives: The Case of the Evil Java Script
SecurityMetrics
 
PPTX
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
SecurityMetrics
 
PPTX
The Case of the Suspiciously Flawless Investigation
SecurityMetrics
 
PPTX
The Case of the Mistaken Malware
SecurityMetrics
 
PPTX
The Case of the Stockpiled Credit Cards
SecurityMetrics
 
PPTX
What Does the End of Windows XP Mean For Businesses?
SecurityMetrics
 
Hipaa Reality Check
SecurityMetrics
 
Understanding the New PCI DSS Scoping Supplement
SecurityMetrics
 
How to Effectively Manage a Data Breach
SecurityMetrics
 
How to Secure Your Medical Devices
SecurityMetrics
 
How to Prepare for a PCI DSS Audit
SecurityMetrics
 
Medical Data Encryption 101
SecurityMetrics
 
Securing Your Remote Access Desktop Connection
SecurityMetrics
 
Window of Compromise
SecurityMetrics
 
HIPAA PHI Protection: Where is Your PHI Stored?
SecurityMetrics
 
The 5 Step HIPAA Risk Analysis
SecurityMetrics
 
5 Documents to Prepare for a HIPAA Audit
SecurityMetrics
 
Don't Let Phishing Emails Hook Your Empolyees
SecurityMetrics
 
What's Causing You to Store Unencrypted Payment Cards?
SecurityMetrics
 
Auditing Archives: The Case of the File Sharing Franchisee
SecurityMetrics
 
Auditing Archives: The Case of the Evil Java Script
SecurityMetrics
 
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
SecurityMetrics
 
The Case of the Suspiciously Flawless Investigation
SecurityMetrics
 
The Case of the Mistaken Malware
SecurityMetrics
 
The Case of the Stockpiled Credit Cards
SecurityMetrics
 
What Does the End of Windows XP Mean For Businesses?
SecurityMetrics
 

Recently uploaded (20)

PPTX
Computer network topology notes for revision
BatoolRawat
 
PPTX
Introduction-to-Cloud-ComputingFinal.pptx
testnet29393883
 
PDF
Mega Projects Data Mega Projects Data
saidsalah8181
 
PDF
Fluorescence-microscope_Botany_detailed content
dollydoll12
 
PDF
Lecture1 pattern recognition............
ZafriFarid
 
PPT
Miokarditis (Inflamasi pada Otot Jantung)
NandaAndini1
 
PDF
Galatica Smart Energy Infrastructure Startup Pitch Deck
Shahzaib Ajmal
 
PPTX
Introduction to Basics of Ethical Hacking and Penetration Testing -Unit No. 1...
AshutoshDeshmukh33
 
PPTX
mbdjdhjjodule 5-1 rhfhhfjtjjhafbrhfnfbbfnb
CHINTU5000
 
PPTX
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
kuthubussaman1
 
PPTX
IB Computer Science - Internal Assessment.pptx
agarwal18harsh08
 
PPTX
Supervised vs unsupervised machine learning algorithms
agarwal18harsh08
 
PPTX
1_Introduction to advance data techniques.pptx
AshutoshDeshmukh33
 
PPTX
CEE 2 REPORT G7.pptxbdbshjdgsgjgsjfiuhsd
hildogavino28
 
PPTX
Data_Analytics_and_PowerBI_Presentation.pptx
ZubyrAhmed
 
PPTX
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
hshakobe3
 
PPT
Quality review (1)_presentation of this 21
abobaker13
 
PDF
Recruitment and Placement PPT.pdfbjfibjdfbjfobj
Alka392097
 
PPTX
advance b rammar.pptxfdgdfgdfsgdfgsdgfdfgdfgsdfgdfgdfg
rohullahansari5
 
PDF
.pdf is not working space design for the following data for the following dat...
jerinjoy242
 
Computer network topology notes for revision
BatoolRawat
 
Introduction-to-Cloud-ComputingFinal.pptx
testnet29393883
 
Mega Projects Data Mega Projects Data
saidsalah8181
 
Fluorescence-microscope_Botany_detailed content
dollydoll12
 
Lecture1 pattern recognition............
ZafriFarid
 
Miokarditis (Inflamasi pada Otot Jantung)
NandaAndini1
 
Galatica Smart Energy Infrastructure Startup Pitch Deck
Shahzaib Ajmal
 
Introduction to Basics of Ethical Hacking and Penetration Testing -Unit No. 1...
AshutoshDeshmukh33
 
mbdjdhjjodule 5-1 rhfhhfjtjjhafbrhfnfbbfnb
CHINTU5000
 
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
kuthubussaman1
 
IB Computer Science - Internal Assessment.pptx
agarwal18harsh08
 
Supervised vs unsupervised machine learning algorithms
agarwal18harsh08
 
1_Introduction to advance data techniques.pptx
AshutoshDeshmukh33
 
CEE 2 REPORT G7.pptxbdbshjdgsgjgsjfiuhsd
hildogavino28
 
Data_Analytics_and_PowerBI_Presentation.pptx
ZubyrAhmed
 
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
hshakobe3
 
Quality review (1)_presentation of this 21
abobaker13
 
Recruitment and Placement PPT.pdfbjfibjdfbjfobj
Alka392097
 
advance b rammar.pptxfdgdfgdfsgdfgsdgfdfgdfgsdfgdfgdfg
rohullahansari5
 
.pdf is not working space design for the following data for the following dat...
jerinjoy242
 

5 Steps to Manage a Data Breach

  • 1. Successfully Protecting Your Organization's Brand Image If you suspect a data breach, your goal is clear: stop information from being stolen, and repair your systems so it won’t happen again. The following 5 steps will help you successfully stop information from being stolen, mitigate further damage, and restore franchise operations as quickly as possible. OF BREACHES INVESTIGATED BY SECURITYMETRICS FORENSIC INVESTIGATORS: A BUSINESS TYPICALLY LEARNS THEY’VE BEEN BREACHED IN ONE OF FOUR WAYS: 33%Food Services Retail Trade Hospitality 29% 10% HOTELHOTEL A bank informs you Law enforcement Discovered Internally A customer's complaint DO YOU SUSPECT A DATA BREACH? consulting@securitymetrics.com 801.705.5656 ISOLATE THE AFFECTED SYSTEM(S) TO PREVENT FURTHER DAMAGE. CONTAIN THE BREACH3.3. Implement your IRP Disconnect from the Internet Document the entire incident Disable remote access capability and wireless access points Change access control credentials (usernames and passwords) Segregate all hardware devices in the payment process Quarantine instead of deleting (removing) identified malware Preserve firewall settings, firewall logs, system logs, and security logs Restrict Internet traffic Contact your merchant processing bank Consider hiring a law firm experienced in managing data breaches 2.2.PRESERVE EVIDENCE WHEN YOU OR YOUR FRANCHISEES DISCOVER A BREACH, REMEMBER: Don’t panic Don’t take any hasty actions Don’t wipe and re-install your systems (yet) Do follow your incident response plan START YOUR INCIDENT RESPONSE PLAN1.1. Assemble your Incident Response team immediately Inform franchisees of your IRP Teach franchisees of immediate and long-term actions 4.4.CONSIDER PUBLIC COMMUNICATIONS Determine how and when notifications will be made Know legislated mandatory time frames Identify who is responsible for public statements Seek the guidance of your legal counsel Don't allow employees to announce the breach Craft specific statements that target various audiences INVESTIGATE, FIX YOUR SYSTEMS, AND IMPLEMENT YOUR CYBER INSURANCE PLAN5.5. BRING AFFECTED SYSTEMS BACK ONLINE Ensure all systems have been: Hardened Patched Replaced Tested SET YOUR BREACH PROTECTION SERVICES INTO MOTION Breach protection services can reimburse for: Forensic investigation fees Notification costs Card brand fines REMEMBER, PRACTICE REDUCES PANIC!REMEMBER, PRACTICE REDUCES PANIC! © 2016 SecurityMetrics