Sunday 7 December 2014

Here's how to deal with an information security breach

We all hope that we will not be the subject of an information security breach, but the chances are that every organisation will suffer some form of data breach at some time. How effectively you respond to an information security breach will affect both your company's public profile and the costs arising from the breach.
  • Have a plan. Don't wait to have a security breach before deciding what you should be doing in the event of one. Have a strategy in place that you can bring into action as and when the breach occurs.
  • Avoid Panic. Whether you are CEO, CIO, or any other senior officer, an information security breach can be alarming, but you should not panic. Evaluate the situation and decide on a plan of action as you would with any other business problem.
  • Secure the System. Take appropriate steps to contain and control the breach and prevent further unauthorised access to or use of the personal information. Preserve records and any other evidence. If the breach involves a lost or stolen computer or other portable media, secure any back-up files that show what information the compromised system contained. It is helpful to make a mirror image of the records on your computer system, or to perform a comprehensive backup, so that the information is preserved in the state it was in when the breach was discovered.
  • Organise a Response Group. Ensure that other key members of staff and board members are notified of the breach. Decide on a group that is empowered to make decisions about dealing with it. The team should comprise people who have the technical expertise to deal with the situation and who also understand the nature of the information that has been breached, so that they can advise on which information may have been compromised or is at risk.
  • Retain Outside Advice. Retain outside advisors who have relevant expertise to help you decide upon a strategy, manage an internal investigation and comply with any notice or regulatory requirements.
  • Engage a Computer Forensic Investigator. Enlist the services of a firm specialising in computer forensics, cyber-crime response, internal investigations, and the preservation, analysis and production of electronic data.
  • Notify the relevant authorities. This should include the Information Commissioner's Office (ICO) if the breach is severe enough. Depending on the type of breach, other organisations to notify may include your insurer and the police.
  • Plan a Media Response. Any company that has been the subject of an information security breach should consider how it is going to deal with the press enquiries that may result. A severe breach that results in an ICO investigation will attract interest in the organisation, which may need professional media experts to handle it effectively. Any public statement should be factually accurate but should also reassure customers, potential customers and staff.
  • Review Your Company’s Privacy and Data Security Policies. If your company has adopted written privacy or data protection policies, review them to assess the company’s compliance with those policies in the context of the incident. Any response to the incident should be consistent with your internal policies. Also consider whether additional staff training is required to enforce the correct procedures when dealing with personal information.
  • Check Your Insurance. Check your insurance policies and other policies for potential coverage. Take the steps necessary to ensure that you do not lose insurance coverage by failing to give the required notice to the insurer or to meet any other procedural requirements. Make sure that you understand the company’s indemnity obligations under contracts with any third party involved in the incident, such as a client or vendor.
If you need any help or advice, we would love to help. Please contact me for further information at ask@audit-and-risk.co.uk
