5 steps to security incident response planning

Most firms will experience a breach or vulnerability that exposes sensitive data. Minimizing impact on business and reputation depends on having a strong response plan before an incident happens.

Breach disclosure has recently been in the news, and not necessarily in a good way. Missouri Governor Mike Parson’s press conference on a newspaper’s reporting of a security vulnerability on the Department of Elementary and Secondary Education’s website created a social media backlash. He blamed the reporter who discovered publicly accessible sensitive data for the exposure rather than a faulty website implementation.

This incident reminded me of a lesson I learned years ago from several people who worked in communication regarding Microsoft security issues. A Microsoft security incident would be in the news with all sorts of details, but the Microsoft security communications team would be annoyingly and frustratingly silent. I’d take this as a sign that they didn’t understand the security issue at hand, but later I would find out that they were either waiting for follow-up resolution or some fact that was still being investigated.

Being first to break the news about a security event often means you will get something wrong, or worse yet, your spokespeople do not fully understand the situation and give wrong information that often cannot be easily remedied. In this 24/7 news world, being too communicative too soon in the process can often bring unnecessary scrutiny to your security issue. You don’t want to be first to communicate, nor the last. There is always a middle ground of communication that should be followed in breach notifications.

It’s wise to have a plan in place for how you will respond to a breach. Here’s how to build that plan.

Know your cyber insurance carrier’s breach processes
