preparing for a security breach - lifelock business solutions · 2017. 1. 12. · preparing for a...


Post on 19-Sep-2020


Preparing for a Security Breach

MINIMIZE DAMAGE TO YOUR ORGANIZATION WITH A BREACH PLAN

“We have a security breach.” It’s the news no one wants to hear (or tell) – and for good reason.


Companies that experience a security breach can lose customer data, business, and — worst of all — their customers’ trust. That’s because security breaches can cause real and potentially prolonged damage to consumers’ financial security.

The bottom-line impact of a security breach — to businesses and consumers — can be big. New-account fraud loss averaged $2,379 per incident in 2015, and existing-card fraud cost Americans $8 billion¹. And in some situations, a security breach can disrupt the normal workflow of the business, causing additional concerns for the company’s profitability.

THE IMPORTANCE OF A BREACH PLAN

If your organization were the target of a security breach, would everyone know what to do? Or would a sense of panic take hold as your team frantically strategized about how to handle the situation?

A breach plan can help you put the right processes in place before a security breach hits — so you can minimize the damage and move on as quickly as possible. A good breach plan should:

• Initiate a rapid and appropriate response
• Communicate clearly to people at risk
• Establish identity theft protection for your customers
• Track and monitor results

The right plan can also help your organization fulfill federal and state notification requirements on time. And it can help to ease some of the concerns of your investors and customers.

¹ 2016 Identity Fraud, Javelin Strategy & Research, February 2016.

In 2015 alone, more than 32 million people were notified of a security breach¹, and the percentage of security breach victims who had their SSNs stolen tripled¹. As a result, more than one in five security breach victims became victims of identity theft in 2015¹.


CREATE YOUR INTERNAL TEAM

The first step in creating a breach plan is putting together the right team within your organization. This multi-functional team should include representatives from executive leadership, as well as from your customer service, human resources, I/T, legal, and public relations/communications departments. A project lead should also be selected to manage the company’s response. An overview of these roles is below.

ROLE AND RESPONSIBILITIES

Project Lead
• Determine what level of response is needed
• Direct the implementation of the organization’s breach response plan
• Manage the breach response team
• Make sure the steps taken in reaction to the breach are fully documented

Executive Leadership
• Make high-level decisions
• Communicate to the rest of senior leadership, the board of directors, and other key groups

Customer Service
• Ensure accurate and up-to-date information is given to customers by customer service reps
• Track customers’ most frequent questions and worries
• Provide front-line feedback to the rest of the team

Human Resources
• Coordinate communications to current and former employees
• Work with benefit providers if needed

Information Technology (I/T)
• Lead efforts to contain the breach
• Determine key security risks to include in documented breach response plan
• Ensure I/T staff are trained in appropriate breach response actions
• Identify and remove the source of the breach
• Help outside partners with post-breach forensics

Legal
• Ensure proper procedures are followed to inform customers, law enforcement, members of the media and others
• Review key communications regarding the incident

PR/Communications
• Oversee crisis management communications
• Manage communication with reporters
• Monitor media coverage and respond to unfavorable coverage
• Create content to be distributed through key communication channels to customers, investors, etc.


IDENTIFY EXTERNAL RESOURCES

Taking the time now — before a breach occurs — to find the right partner outside your organization will help tremendously in the event of an incident. A qualified, experienced service provider who focuses on security breaches and identity theft protection can provide invaluable help before, during and after a security breach.

In the event of a security breach, the right partner can help your organization:

• Avoid fines
• Reduce the likelihood of litigation
• Minimize bad press
• Minimize business losses
• Comply with regulations
• Reassure victims and investors

Look for a security breach partner who can help you identify ways to prevent a breach in the first place. The partner should also be able to educate your team on the services provided and their role in the breach plan.

In addition to a security breach resolution partner, you may also want to consider vendors who specialize in:

• Crisis communications. Look for a firm with proven experience helping with security breach events.
• Data forensics. A forensics partner should be able to help leadership identify organizational risks based on the technical details of the breach.
• Legal issues. The right legal partners can help your organization fulfill legal requirements and protect itself from additional risk.

Finally, your security breach plan should include immediate work on relationship-building with state attorneys general, state and federal law enforcement and other regulatory agencies. Start by creating a contact list and making sure your team understands reporting requirements and deadlines.

If an incident occurs, the partner should be able to help you craft a proven communications plan that explains the situation to affected parties and outlines the steps you’re taking to proactively protect them — including providing identity theft protection.


BREACH RESPONSE CHECKLIST

What should you do if your organization is the target of a security breach? While the specific steps will vary based on your industry, the type of breach, and other factors, this checklist will give you an idea of steps to consider.

☐ Validate the data breach. Examine the initial information and available logs to confirm that a breach has occurred.

☐ Assemble your team. This is the time to pull together your internal security breach team.

☐ Determine the scope and composition of the breach. Is criminal activity suspected? If so, notify law enforcement. Also identify all affected data, machines, and devices.

☐ Notify the data owners within your organization. Work collaboratively with data owners to secure sensitive data, mitigate the damage that may arise from the breach, and determine the root cause(s) of the breach to devise mitigating strategies and prevent future occurrences.

☐ Decide how to investigate the data breach. Will you use in-house resources or an outside service provider? This should be determined in advance of a breach.

☐ Notify affected individuals. This should be done as soon as possible after the breach is discovered and should be done in accordance with applicable federal, state, and local laws. As part of the notification, consider offering identity theft protection services to mitigate the risk of negative consequences for those affected.

☐ Collect and review any breach response documentation and analysis reports. This step will help you determine the probable cause(s) of the breach and minimize the risk of future problems.


No one can prevent all identity theft. © 2016 LifeLock, Inc. All Rights Reserved. LifeLock and the LockMan Logo are registered trademarks of LifeLock, Inc.

Visit LifeLockBusinessSolutions.com or call 1-877-511-7906 to speak to a breach consultant today.

CONSIDER CYBER INSURANCE

The bottom-line impact of a data breach can be extensive. Cyber security insurance can help to protect against this financial risk. Providers of this insurance may also offer access to legal, forensics and communication resources.

PLANNING AHEAD IS THE SMART MOVE

You never know if or when your organization could be the target of a security breach. Investing time and resources in a breach plan — before something happens — can help your organization reduce the risk of an incident and minimize potential damage to customers, employees and your brand.