THIS IS ONLY A DRILL (FOR NOW): HOW TO CONDUCT A DATA BREACH RESPONSE DRILL

“Are we next?” That’s the question companies around the world are grappling with as more high-profile data breaches make headlines. At a time when one in four organizations experience cyber-attacks, mishandling the response can do more damage than the breach itself.

We take precautions against dangerous situations every day. With years of practice either in school or at work, most of us know what to do if there’s an emergency. We conduct drills repeatedly because when we immediately know how to respond to a threatening situation, we can minimize destruction. Because of the high probability of a cyber-attack, businesses need to treat breach responses like internal drills, repeatedly practicing until it becomes instinctive.

A well-prepared incident response strategy should first define all breach scenarios (e.g., ransomware, malware, phishing) and their specific steps. Assembling a qualified team is also critical; individual roles and responsibilities should be defined and clearly communicated. Once you have finalized the essential components of your incident response plan, regular testing is crucial to ensuring your organization is equipped to handle the unexpected.

Practice Makes Perfect

Below are six principles to help guide your data breach drills effectively:

  1. Bring in an outsider. Enlist the expertise of someone outside your organization to run the drills and serve as a moderator. A third-party facilitator allows you and your team to focus on individual tasks and responsibilities.
  2. Put aside plenty of time. At a minimum, give your team half a day to do the exercise and to debrief.
  3. It’s an exercise for everyone. All internal and external team members who will be involved in a data breach response need to participate in this activity.
  4. Expect the unexpected. Your drills should include various likelihoods and situations. Another benefit to bringing in an outside moderator is that they can throw unpredictable scenarios at your team.
  5. Debrief. After the exercise, the entire team should review, discuss each mock situation in detail, and identify any areas in need of improvement.
  6. Repeat every six months. Keep your team aware of the latest developments in the world of cybersecurity and prepared to tackle cyber threats by conducting drills every six months.

Executing these drills is invaluable and helps prove to your stakeholders, customers and employees that your company takes data security seriously. The more you practice putting your plan into action, the better prepared you’ll be in a real-life situation.