Does Your Company Have a Data Breach Plan?



The average cost for an organization to deal with cybercrime was $13 million in the United States this year, which is a $1.4 million increase. The ever-expanding business and innovation landscape brings with it an expanding threat landscape. Having a response plan to handle data breaches ensures that an organization can survive an intrusion and keep running without major or prolonged business disruption.

Having a response plan instituted in an organization and regularly practicing it gives everyone the basic steps they need to identify, escalate, and mitigate data breaches.

Data Breach Today recommends 7 steps in building a data breach preparedness plan:

  1. Invest in Monitoring Capabilities – It is essential to get corporate buy-in to institute an effective response plan, which includes both intrusion detection and prevention systems such as firewall logs, IDS, IPS, and EDR (endpoint detection & response).
  2. Build a Response Plan – Having a good plan means organizations spend less time figuring out what to do and can actually move ahead with putting out fires!
  3. Regularly Review and Update Plans – Such a review would include the following areas:
     • External hack and data theft
     • Malicious insider
     • Loss of employees’ personally identifiable information
     • Some type of physical data loss
     • Ransomware event or denial-of-service disruption
     • Attack against the organization’s IP or C-suite executives
  4. Practice Paying Ransomware Attackers – Practicing not only tests how to respond but allows a company to see which internal and external services might need to be readied.
  5. Identify Breach Response Stakeholders – Identifying everyone who must be involved in the response plan – as well as at which stages – is key.
  6. Run Tabletop Exercises – These mock cyberattacks are an excellent way to refine plans.
  7. Watch How Peers Get Pwned! – Paying attention to attacks occurring in other organizations can help a company understand the kinds of threats that currently exist, and assess its own vulnerabilities and preparedness for the same threats. Security experts recommend joining the U.S. Secret Service Electronic Crimes Task Force program and FBI InfraGard.

By instituting a data-breach protection program, you can reduce the costly repercussions of a breach and keep the future value of, and trust in, your company at sustainably higher levels.


