According to a report from IBM, a data breach costs an organization $3.92 million on average. Plus, an estimated 19 million Canadians were affected by data breaches between November 2018 and June 2019.
For these reasons, data breach reporting can't be approached too carefully. You need to investigate, follow regulations and work to prevent future breaches, all in a timely manner. Taking the proper steps to resolve a cybersecurity incident can keep your organization from becoming the subject another negative headline.
Data breaches are among the most common security risks businesses face today. Download our eBook to learn how to protect your organization.
Step 1: Notify
As soon as you discover a data breach, it's essential to notify those affected. Simon Fogg, data privacy expert and legal analyst for Termly, says that "the first step is always to notify law enforcement, affected businesses, and affected individuals — in that order."
Time is really of the essence in this step. The faster you call the police, the faster they can investigate who was behind the breach. Quicker communications with partners and customers, patients or clients helps them take action to protect themselves before any further damage is done.
The European Union's General Data Protection Regulation (GDPR) requires that organizations report their data breach "within 72 hours of discovering the breach. It makes no distinction between size or type of business," says Allan Buxton of Secure Forensics.
Step 2: Comply with Regulations
After you have contacted the victims, the next step of data breach reporting is to check if any regulations apply to your organization. Every US state is different when it comes to data protection, so research what your state expects after a cybersecurity incident. If you do business with European Union residents, you will also have to comply with the rules of the GDPR.
Certain industries also have their own data protection regulations, including HIPAA for healthcare and FERPA for education. Cooperating with agencies and following regulation procedures can save your organization thousands or even millions of dollars in fines and penalties.
RELATED: Cybersecurity Tips to Keep Your Company Safe in 2019
Step 3: Investigate
Next comes one of the most important steps in data breach reporting: investigating how the breach occurred and what information was exposed. A hacker could have gotten through a weak spot, an employee may have fallen victim to a phishing scam or maybe someone lost their work laptop or USB key.
If a security flaw in your network or software led to the breach, fix it immediately. Change network and system passwords. Remote wipe the lost or stolen device, if applicable.
After you've figured out the cause of the breach, interview the employee(s) who discovered the breach, if that is how it was discovered, as well as anyone else who may have helpful information. The more evidence you gather, the more complete your data breach reporting will be. Also, be sure to document your investigation every step of the way.
Having a plan in place can make dealing with a data breach a bit less stressful. Use our free incident response plan template to create yours.
Step 4: Take Preventive Actions
After the incident has been stabilized, it's time to take measures to prevent future data breaches. Implement the latest cybersecurity techniques and tools to ensure the data you control is as secure as possible. Review policies and procedures for removing hardware, connecting devices and acceptable electronics use to make sure they are up-to-date, clear and thorough.
Use this Data Security Policy Template to ensure you've covered all the bases.
Additionally, look to industry trends and/or employee and client feedback to identify areas to improve. You can even test your system with a mock data breach every few months to see how it performs.
Case management software makes data breach reporting, investigations and risk management faster and easier. You can identify vulnerabilities and high-risk areas so you can take action before a problem arises, helping reduce your risk of data exposure.
RELATED: Summer Reading List: Cybersecurity
Step 5: Do Damage Control
After you have alerted those affected by the breach, news of the incident may spread fast, especially for large organizations. Regardless of size, though, doing damage control is almost always part of the data breach reporting process.
Start with a strong public relations campaign, assuring potential and current customers that your business is still secure. Communicate the preventive actions you've put in place to prevent similar incidents in the future.
Data breaches often result in customer churn, negative publicity or even a class-action lawsuit. Responding calmly, quickly and professionally can reduce the fallout after a cybersecurity incident.
"No one is immune from a data breach," warns Carrie Kerskie, identity theft, fraud and privacy expert. Even if you think your organization has the best cybersecurity money can buy, knowing the proper steps to data breach reporting and response is imperative.