By Deborah Radcliff, Network World October 24, 2005 12:01 AM ET
Plan for a smooth recovery

Predefined response programs should be implemented before a security incident occurs, say IT executives who have dealt with public breaches and exposures of identity and financial data. Some regulations mandate a predefined response plan, such as Section 501B of the Gramm-Leach-Bliley Act.
Basic elements of any response plan should include:
Report the incident to regulators.
Investigate the scope of the breach and determine affected parties.
When criminal activity is suspected, do a forensics backup and report to law enforcement.
Coordinate with legal, executive and public relations teams. Brief them in plain English, so they can understand clearly and act accordingly. This is particularly important when dealing with the media.
Inform affected parties. Tell them what their risks are and how to protect themselves. Offer to monitor their credit when ID theft is suspected.
Directly contact those you can locate via e-mail and U.S. Postal Service.
Use the media to contact those you can’t reach directly.
Set up a 24/7 call center, anticipate questions and give operators scripts and escalation procedures, updating scripts as needed.
Establish a Web site with helpful information, keep it current and provide tools to empower victims, such as contact information for adding alerts to credit reports. Refresh and update site as new information comes in.
Make necessary repairs to your systems; conduct system audits and use the experience to reinforce and train personnel handling sensitive data.