Skip to content

Dealing with the “what now?” moment after a data breach


Subscribe to the Newsletter

Stay up to date with the latest news

sidebar-ipad

“What now?” 

It’s the first question retail leaders face after experiencing a data breach. The answer varies greatly, depending on the department’s response plan.  

Ecommerce and other types of online companies are not the only types of businesses at risk of encountering a data breach. In August 2019, Business Insider reported that 19 online and brick-and-mortar retailers and consumer companies had experienced data breaches since January 2018 due to flaws in payment systems. 

That’s why all businesses need a fully updated data breach incident response plan. The question of “what now?” should never be asked again. 

This is your blueprint for creating a disaster response plan for when a data breach hits. Since these attacks are growing in intensity, frequency and complexity, it’s next to impossible to prevent every assault on your business. Instead, look to a plan that you can have locked and loaded — the readiness can save you in time, money and customers lost.

Key takeaways
  • Data breaches exposed 4.1 billion records in the first six months of 2019.
  • A data breach response plan provides a retail business with a detailed set of instructions to protect everyone involved.
  • 77% of security and IT professionals indicated they do not have a cybersecurity incident response plan applied consistently across the enterprise.

You need a data breach incident response plan before the breach starts

Data breaches hit retail businesses and customers hard. The numbers don’t lie:

Every second counts when dealing with the fallout of a data breach. A response plan provides a retail business with a detailed set of instructions to follow in the event of a security intrusion to protect all stakeholders — including customers and the retail business brand reputation. Having such a plan well ahead of time will help contain and manage the event and any potential fallout, like compromised customer information that could lead to identity theft or a fraudulent transaction.

A well-designed data response plan is a time-saving tool that saves employees from shrugging their shoulders and wondering what to do next while IT infrastructure and sensitive data may still be at risk. Every business must have a regularly updated response plan. Once the plan is in place and your staff understands it, everyone can rest a little easier with the confidence that if a data breach hits, there will be no confusion, panic or wasted time and energy trying to figure out what to do.

Contain and manage data breaches with confidence

A data breach incident response plan helps IT staff and other key employees quickly and effectively detect and respond to any type of data breach event. This plan provides an opportunity to detect an attack and put procedures in place to minimize or contain the damage.  

The best way to avoid damage during a data breach is to establish a response framework, as an effective incident response plan relies on a framework to consult and decide on each ensuing action. Making key decisions ahead of time means that people do not have to think about the whole plan at once; rather, they can approach the plan on a step-by-step basis.  

Select teams in each department that will help identify, contain and recover operations after a breach. Key personnel should include legal and risk compliance teams, marketing teams and an executive sponsor.  

Assigned incident leaders ensure the correct IT resources are allocated to attend to the most vital aspects of the plan. Trained team members should have skills that help to handle customers’ questions, internal communications and public relations.  

Be sure to inform your staff of incident procedures, including the names of team members and contact information. Provide employee training sessions to ensure understanding and ability to carry out the plan.  

Fortunately, building the plan itself is fairly simple. Start by looking at what went wrong in previous attempts to mitigate the damage from other attacks and build your new action plan on those lessons.

Creating and executing your action plan

It’s hard to plan for every eventuality. But this action plan template provides the flexibility to attack complicated issues and empower your teams across different departments and functions.

Here’s how to implement a data breach incident response plan that helps everyone contain the event with confidence:  

  • Validate and investigate the data breach. Examine the initial incident report information along with available logs to verify whether a breach of sensitive information has occurred.  
  • Manage all evidence surrounding the event, carefully documenting all investigation and mitigation efforts. Include interviews with personnel and seek advice from legal counsel. 
  • Gather the incident team to begin the official investigation of the breach. The team should also continue to manage the status.  
  • Determine whether there is any need for outside help, such as law enforcement, with the assistance of executive leadership and legal counsel.  
  • Take steps to mitigate the impact, such as acting quickly to identify and secure all affected data. 
  • Notify the owners of any compromised data.  
  • Examine the incident as a post-mortem and “lessons learned” exercise to strive for continuous improvement.  

There’s no easy answer for planning for and managing data breaches. Finding the right balance between tight security and good customer experiences isn’t easy. Both should be at the top of your list for peak ecommerce website performance, but understanding the fraud vulnerabilities that live between the lines is essential. With a solid data breach incident response plan in place, you can get ahead of losses (financial, data and confidence) before they cripple your business. We hope these tips help you create the right response plan for your needs.

Chris Martinez

Chris is a content strategist at Signifyd.