So you’ve suffered a data breach? Here’s what you do next

It’s an announcement few information security specialists want to make: the organisation has suffered a data breach.

The breach itself is bad enough, but now everyone in the office is panicking. Some will grumble about how they’re going to miss deadlines, others will frantically wonder whether they’re responsible for the breach and a few will probably blame IT for not doing their job properly.

But it doesn’t have to be this way. Data breaches are such a prevalent threat that all organisations should be ready for them. Remember: it’s not a question of whether you’ll be breached, but of how you respond when it inevitably happens.

A swift response can ensure that you contain the incident promptly and give affected data subjects time to secure their accounts. It also proves to regulators and customers that your organisation takes data protection seriously.

How to respond

There are six steps to follow after your organisation has been breached:

  1. Situational analysis: Provide your supervisory authority with as much context as possible. This should include the initial damage (what happened), how it affected your organisation (what went wrong) and what caused it (how it happened).
  2. Assess the data that is affected: Try to determine the categories of personal data and the number of records concerned.
  3. Describe the impact: What are the consequences for affected parties? The answer will depend on the information that was compromised.
  4. Report on staff training and awareness: If the breach involved human error, work out whether the employee(s) in question received data protection training in the past two years. You should also provide your supervisory authority with details of your staff awareness training programme.
  5. Preventive measures and actions: What measures did you have in place before the breach to prevent incidents like this from occurring? What steps have you taken, or do you plan to take, to mitigate the damage?
  6. Oversight: You will need to provide the details of the breach to your supervisory authority, including the name of your DPO (data protection officer) or whoever handles data protection in your organisation.

Are you Data Breach Ready?

Knowing what you should be doing to contain a breach is only part of the equation. You also need to understand how to implement those measures. Finding advice can be frustrating, because the solutions often vary depending on the organisation – how it’s run, what its processes are, what resources it has at its disposal, and so on.

Vigilant Software understands these problems, and we have created flexible solutions to help organisations prepare for a data breach. Drawing on our years of experience developing and deploying risk management tools and services, our products reduce the complexity of your implementation project.

To request a free seven-day trial of any of our tools, please click here.

Our easy-to-integrate, Cloud-based tools – vsRisk Cloud, the Data Flow Mapping Tool, the DPIA Tool, GDPR Manager and Compliance Manager – help you identify your legal requirements, understand the data you process and conduct information security risk assessments in line with international best practice.

Suitable for organisations of all sizes, vsRisk Cloud is a leading information security risk assessment tool that delivers fast, accurate, auditable and hassle-free risk assessments year after year. Fully aligned with ISO 27001, it significantly cuts the consultancy costs typically associated with information security risk assessments, and helps protect your organisation from the penalties and financial losses associated with data breaches.

The Data Flow Mapping Tool simplifies the process of creating data flow maps, giving you a thorough understanding of the personal data your organisation processes and why, where it is held and how it is transferred.

The DPIA Tool walks you through the six steps you must complete as part of a DPIA (data protection impact assessment). The tool also helps you determine quickly whether a DPIA is required, and ensures you ask all the right questions.

GDPR Manager is your four-in-one compliance solution for managing your GDPR activities with one tool. It enables you to assess your data protection practices and manage some of the more arduous elements of GDPR compliance, such as recording and reporting data breaches, handling DSARs (data subject access requests) and determining whether third parties have suitable measures in place to protect personal data.

Avoid spending significant time and money researching relevant laws and regulations for your organisation with Compliance Manager. This software makes it easy to identify your legal and regulatory information security requirements.

Find out more

To learn more about our tools and protecting your organisation from a data breach, watch our short introductory videos: vsRisk Cloud, the Data Flow Mapping Tool, the DPIA Tool, GDPR Manager and Compliance Manager.

*** This is a Security Bloggers Network syndicated blog from Vigilant Software Blog authored by Nicholas King. Read the original post at: