How To
5 Ways To Survive a Data Breach Investigation
When the digital forensics crew comes in to investigate a possible data breach, company execs often make matters worse by not being prepared. Here are five ways to keep it from happening to you.
By Bill Brenner, Senior Editor
3. Bring in the lawyers
Company executives are often slow to bring in legal counsel. That's unfortunate, Fitzgerald said, because the lawyers are on your side and can help you construct a sound game plan to keep the company out of trouble.
"When you bring in lawyers, psychologically it makes the problem real," he said. "It's scary for executives who don't want to make it look like they're circling the wagons."
The best approach is to collect every bit of information that may be helpful, give it to legal counsel and let them piece together the story.
4. Decide if you want a "loud" or "silent" probe
Companies should decide at the beginning if they want investigators to come in with a bang or a whisper. The right approach depends on what a company thinks it's up against.
"When we come in companies have us either do it with guns drawn and blazing, equipment in bags and boxes wheeled in, looking like we're hunting for aliens, or they have us come in quietly in a way where no one knows we're even there," he said. If the company smells a rat, the loud approach could be used to rattle employees who might know something into coming clean.
"They want to make an example of the incident," Fitzgerald said. "They have a pretty good idea that it may have been an employee or team of employees leaving to work for a competitor. They want to show that they have control and power and that whoever tries to steal is going to get caught."
More often than not, the quiet approach is called for. Employees typically want to do the right thing, Fitzgerald said, and if his team is polite and friendly and set up shop in a conference room off to the side, the work is done in three hours and data is taken back to the lab.
"If someone is still with the organization, you want to go in quietly, at night and on weekends. They don't want to make a big thing of it until they know what they are dealing with and what the potential liability is."
5. Educate the employees
Fitzgerald said education is the best way to ensure people like him aren't needed in the first place.
"Educating employees is so important," he said. "If they know what they can and can't do and all the tech policies are in place, the potential for an incident drops dramatically."
Other stories by Bill Brenner
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
