Plan for a smooth recovery

Predefined response programs should be implemented before a security incident occurs, say IT executives who have dealt with public breaches and exposures of identity and financial data. Some regulations mandate a predefined response plan, such as Section 501(b) of the Gramm-Leach-Bliley Act.
Basic elements of any response plan should include:

Investigate the scope of the breach and determine the affected parties.

When criminal activity is suspected, take a forensic backup of the affected systems and report to law enforcement.

Coordinate with the legal, executive and public relations teams. Brief them in plain English so they understand the situation clearly and can act accordingly. This is particularly important when dealing with the media.

Inform affected parties. Tell them what their risks are and how to protect themselves. Offer to monitor their credit when ID theft is suspected.
    Directly contact those you can locate via e-mail and the U.S. Postal Service.
    Use the media to reach those you cannot contact directly.

Set up a 24/7 call center; anticipate questions and give operators scripts and escalation procedures, updating the scripts as needed.

Establish a Web site with helpful information, keep it current and provide tools that empower victims, such as contact information for adding fraud alerts to credit reports. Refresh and update the site as new information comes in.

Make the necessary repairs to your systems, conduct system audits and use the experience to reinforce and train the personnel who handle sensitive data.