Auditing Your Data Breach Response Plan: The Never-ending Story

February 13, 2014 by ofonseca

Business is not static; business plans and operating processes evolve to meet market changes and demand fluctuations. Data breach response plans shouldn’t be static either. Threats emerge and risks change constantly in today’s digital world, and a response plan needs to keep pace. It’s essential to regularly audit your data breach response plan to ensure it meets your organization’s changing needs.

Data breach response planning is a never-ending story, and companies of all sizes may struggle to turn the page as the narrative changes. Fortunately, while the story itself evolves, the elements that make it a blockbuster remain the same. When you audit your data breach response plan, keep these points in mind:

  • Audit at least quarterly – more often if your organization faces a volatile digital environment, has previously experienced a breach, or has had reason to believe it has been targeted by a cyberattack. High employee turnover might also be a reason to audit, since the players in your response plan change.
  • When reviewing your data breach response plan, be sure it takes into account any major changes that have occurred within the company. Does it contain a training component for every department and employee? It should. Are your security expectations of vendors and partners clearly spelled out and met? Do they have their own data breach response plans in place that dovetail with yours?
  • Check the notification portion of your plan to ensure it complies with breach notification regulations. Have the regulations changed since you last reviewed the plan? If so, what do you need to do to bring the plan into compliance with those changes? Privacy laws also come into play with medical data breaches, so health care organizations need to take extra care when auditing this portion of their plan.
  • Assess the security of your hardware and software. In addition to the data access controls that govern who can access data and how, the technical part of your audit should confirm that devices and hardware are handled securely, protected by passwords and encryption, and running the most current security software.

Finally, conclude your data breach response audit with a dry run. Rehearse your response by staging a mock data breach and require the participation of everyone who plays a role in your data breach response plan. Seeing your plan and team in action is the best way to assess its efficacy and to know what adjustments you need to make.