Preparing for a Security Breach
MINIMIZE DAMAGE TO YOUR ORGANIZATION WITH A BREACH PLAN“ We have a security breach.” It’s the news no one wants to hear (or tell) – and for good reason.
Companies that experience a security breach can lose customer data, business, and
— worst of all — their customers’ trust. That’s because security breaches can cause real
and potentially prolonged damage to consumers’ financial security.
The bottom-line impact of a security breach — to businesses and consumers — can be big.
New-account fraud loss averaged $2,379 per incident in 2015, and existing-card fraud cost
Americans $8 billion1. And in some situations, a security breach can disrupt the normal
workflow of the business, causing additional concerns for the company’s profitability.
THE IMPORTANCE OF A BREACH PLAN
If your organization were the target of a security breach, would everyone know what to
do? Or would a sense of panic take hold as your team frantically strategized about how
to handle the situation?
A breach plan can help you put the right processes in place before a security breach
hits — so you can minimize the damage and move on as quickly as possible. A good
breach plan should:
• Initiate a rapid and appropriate response• Communicate clearly to people at risk• Establish identity theft protection for your customers• Track and monitor results
The right plan can also help your organization fulfill federal and state notification
requirements on time. And it can help to ease some of the concerns of your investors
and customers.
1 2016 Identity Fraud, Javelin Strategy & Research, February 2016.
In 2015 alone, more than 32 million people were notified of a security breach1, and the percentage of security breach victims who had their SSNs stolen tripled1. As a result, more than one in five security breach victims became victims of identity theft in 20151.
CREATE YOUR INTERNAL TEAM
The first step in creating a breach plan is putting together the right team within your
organization. This multi-functional team should include representatives from executive
leadership, as well as from your customer service, human resources, I/T, legal, and
public relations/communications departments. A project lead should also be selected
to manage the company’s response. An overview of these roles is below.
ROLE RESPONSIBILITIES
Project Lead • Determine what level of response is needed• Direct the implementation of the organization’s breach response
plan• Manage the breach response team• Make sure the steps taken in reaction to the breach are
fully documented
Executive Leadership • Make high-level decisions• Communicate to the rest of senior leadership, the board of
directors, and other key groups
Customer Service • Ensure accurate and up-to-date information is given to customers by customer service reps
• Track customers’ most frequent questions and worries• Provide front-line feedback to the rest of the team
Human Resources • Coordinate communications to current and former employees• Work with benefit providers if needed
Information Technology (I/T)
• Lead efforts to contain the breach• Determine key security risks to include in documented breach
response plan• Ensure I/T staff are trained in appropriate breach response actions• Identify and remove the source of the breach• Help outside partners with post-breach forensics
Legal • Ensure proper procedures are followed to inform customers, law enforcement, members of the media and others
• Review key communications regarding the incident
PR/Communications • Oversee crisis management communications• Manage communication with reporters• Monitor media coverage and respond to unfavorable coverage• Create content to be distributed through key communication
channels to customers, investors, etc.
IDENTIFY EXTERNAL RESOURCES
Taking the time now — before a breach occurs — to find the right partner outside your
organization will help tremendously in the event of an incident. A qualified, experienced
service provider who focuses on security breaches and identity theft protection can
provide invaluable help before, during and after a security breach.
In the event of a security breach, the right partner can help your organization:
• Avoid fines• Reduce the likelihood of litigation• Minimize bad press
• Minimize business losses• Comply with regulations• Reassure victims and investors
Look for a security breach partner who can help you identify ways to prevent a breach
in the first place. The partner should also be able to educate your team on the services
provided and their role in the breach plan.
In addition to a security breach resolution partner, you may also want to consider
vendors who specialize in:
• Crisis communications. Look for a firm with proven experience helping with security breach events.
• Data forensics. A forensics partner should be able to help leadership identify organizational risks based on the technical details of the breach.
• Legal issues. The right legal partners can help your organization fulfill legal requirements and protect itself from additional risk.
Finally, your security breach plan should include immediate work on relation-
ship-building with state attorneys general, state and federal law enforcement
and other regulatory agencies. Start by creating a contact list and making sure
your team understands reporting requirements and deadlines.
If an incident occurs, the partner should be able to help you craft a proven communications plan that explains the situation to affected parties and outlines the steps you’re taking to proactively protect them — including providing identity theft protection.
BREACH RESPONSE CHECKLIST
What should you do if your organization is the target of a security breach? While the
specific steps will vary based on your industry, the type of breach, and other factors,
this checklist will give you an idea of steps to consider.
�Validate the data breach. Examine the initial information and available
logs to confirm that a breach has occurred.
�Assemble your team. This is the time to pull together your internal
security breach team.
�Determine the scope and composition of the breach. Is criminal activity
suspected? If so, notify law enforcement. Also identify all affected data,
machines, and devices.
�Notify the data owners within your organization. Work collaboratively with
data owners to secure sensitive data, mitigate the damage that may arise
from the breach, and determine the root cause(s) of the breach to devise
mitigating strategies and prevent future occurrences.
�Decide how to investigate the data breach. Will you use in-house
resources or an outside service provider? This should be determined
in advance of a breach.
�Notify affected individuals. This should be done as soon as possible
after the breach is discovered and should be done in accordance with
applicable federal, state, and local laws. As part of the notification,
consider offering identity theft protection services to mitigate the risk
of negative consequences for those affected.
�Collect and review any breach response documentation and analyses
reports. This step will help you determine the probable cause(s) of the
breach and minimize the risk of future problems.
No one can prevent all identity theft.© 2016 LifeLock, Inc. All Rights Reserved. LifeLock and the LockMan Logo are registered trademarks of LifeLock, Inc.
Visit LifeLockBusinessSolutions.comor call 1-877-511-7906 to speak to a breach consultant today.
CONSIDER CYBER INSURANCE
The bottom-line impact of a data breach can be extensive.
Cyber security insurance can help to protect against this
financial risk. Providers of this insurance may also offer
access to legal, forensics and communication resources.
PLANNING AHEAD IS THE SMART MOVE
You never know if or when your organization could be the
target of a security breach. Investing time and resources
in a breach plan — before something happens — can help
your organization reduce the risk of an incident and
minimize potential damage to customers, employees
and your brand.