5 Must-do Steps for Practicing Your Data Breach Response Plan

November 30, 2015 by mmorelli

Remember how you felt as a kid when the fire alarm rang in school? Your heart raced, adrenaline surged through your body … and you left your seat, got in line and filed out of the building calmly and efficiently because you’d practiced, practiced, practiced what to do in such an emergency. Even as an adult, you’re more likely to respond to a fire alarm with a level head because of all those childhood fire drills.

Practicing your company’s data breach response plan could be every bit as life-saving for your business as those long-ago fire drills.

Yet while 73 percent of companies surveyed by the Ponemon Institute for Experian’s Second Annual Study on Data Breach Preparedness said they had a data breach response plan in place, only 9 percent felt the development and execution of their plans were “very effective” and 21 percent said they were “effective.” The majority were less confident, with 23 percent saying their plan was somewhat effective and 30 percent saying it wasn’t effective at all. Even worse, 17 percent didn’t know!

A well-practiced data breach response plan can greatly curtail the negative impact of a breach, whereas a bungled plan can exacerbate an already difficult situation and deepen consumer anger. Here are five steps every company should take to practice its data breach response plan:

1. Field-test the plan

Develop "what if" scenarios (a lost laptop, a compromised web server, a phishing-driven account takeover) and brainstorm response strategies for each. Then do a dry run, whether a tabletop walk-through or a simulated incident, to test how those strategies would actually work under real-world conditions rather than on paper.

2. Involve everyone

Every individual, department and outside vendor involved in your data breach response plan should take part in testing it. Don't let anyone off the hook. Test every facet, from the IT team members tasked with detecting and containing a breach to the outside vendor who will handle breach notification letters, to the call center that will field calls from consumers and the legal team that will manage regulatory compliance. Conduct this kind of in-depth, end-to-end test at least once a year, and throughout the year perform smaller, targeted tests to assess the effectiveness of key aspects of the plan.

3. Pay special attention to communication

Effective, accurate communication is critical when a data breach occurs. Pay extra attention to how well your communication channels flow during the test. Does everyone know who's responsible for each aspect of communications? Who will talk to regulators? The media? The public? Who decides what can be said before the facts are confirmed? Miscommunication is the surest way to devalue your data breach response plan and create more chaos during an already challenging time.

4. Train constantly and consistently

Testing can only succeed if everyone involved has been trained in the response plan. Training of responders should occur throughout the year, not just in the run-up to the annual test. Ponemon found that 43 percent of companies don't have training and awareness programs for employees and other stakeholders who have access to critical data, and nearly half don't train staff on how to respond to questions about a data breach incident.

5. Use testing results to make audits more effective

A data breach response plan should be a living document, and testing and auditing should drive its evolution. As you test, collect information on where the plan worked and where it broke down, and use that data to direct your audit. Make sure you audit regularly, as too many companies don't. In fact, 41 percent of those surveyed by Ponemon said they don't have a set time for reviewing and updating their plan, and 37 percent have never reviewed or updated their plan since implementing it.

Practice makes perfect in virtually every aspect of life, and data breach response is no different. By testing your data breach response plan, you can ensure everyone will be able to respond calmly and efficiently when the alarm bell rings.