What Does the DOJ Say About Responding to Data Breach?

Posted by Edward Sharkey on Thu, 01/28/2016 - 05:00

We previously posted about the importance of developing cybersecurity policies that include early detection mechanisms and thorough response plans. That post highlighted the potential damages that a business could be liable for if it is the victim of a data breach. These damages range from the expense of notifying affected individuals to the intangible harm done to its reputation. Big companies like Target and Michaels are often able to shoulder these consequences and carry on. For small businesses, a substantial data breach could prove disastrous.

The newly formed Cybersecurity Unit of the Department of Justice issued guidance on how organizations and businesses can effectively prevent and respond to potential data breaches. The guidance outlines steps to take before a data breach occurs and steps for responding to a data breach after the intrusion. Significant steps recommended by the unit include:

1. Identifying your business’ most critical data, assets, and services to determine which areas warrant the most protection;

2. Creating an actionable data breach response plan that includes lead responsibility designations, protocols for properly preserving data related to the intrusion, policies for notification of affected individuals, and policies for notifying law enforcement and/or a computer incident-reporting organization;

3. Obtaining access to the technology and services needed to respond to a data breach, such as off-site data back-up, intrusion detection capabilities, and data loss prevention technologies;

4. Obtaining appropriate authorization to monitor your business’ network;

5. Maintaining relationships with experienced legal counsel, appropriate law enforcement agencies, and cyber information sharing organizations; and

6. Ensuring that your business’ data breach response plan aligns with existing human resource policies in order to decrease the risk of insider threats.

Exposure to data breaches will likely continue to increase. Taking proactive steps to protect your business’ most valuable data and developing a thorough response plan will help to mitigate damages and minimize liability should your business become the victim of a cybersecurity attack.
