In our last article, we discussed some steps your company can take in developing an Incident Response Plan (IRP).  Among them were designating a member of management to be responsible for the IRP, and selecting employees from management, IT, legal, marketing, and other relevant departments to be a part of an incident response team (IRT).

Breach planning is a deep subject, so we will continue to hit some of the highlights in this series, but creating a robust, comprehensive IRP takes a serious commitment of time and resources.  The payoff, however, will be well worth it when your business suffers a breach.

Though vendors are sometimes overlooked as a source of compromised data, you need to be prepared for this sort of breach.  You should try to negotiate an indemnification provision that addresses losses that are the vendor’s fault.  If you are using a large cloud hosting company to store or process data, though, you may have little leverage.  Keep in mind that in most jurisdictions, data given to you by customers/employees are ultimately your responsibility, even if the breach occurred in the vendor’s network and not your own.

You need to know the nature and volume of data that each vendor holds.  A data inventory will enable a quicker and more effective post-incident response.

Training employees is a key way to mitigate damage from a breach.  Once a thorough IRP is constructed, all staff need to have some level of familiarity with it.  Employees need to understand the potentially devastating consequences a breach can have on the company, and have real buy-in into both pre-breach prevention practices and post-breach protocol.  Your company should conduct a mock incident scenario, much like you would have a fire drill.  Helping employees encounter circumstances similar to a live breach will make the entire organization more nimble when the real thing happens.

Senior management need to all be on board with the IRP, and need to receive regular notice of any updates or changes to it.  They should also conduct meaningful reviews of the firm’s security status on a routine basis.

We have yet to discuss post-breach planning, or IT-related techniques that can give you a better view of potential security issues.  We will tackle those topics in the coming weeks.

In the meantime, you might want to review INSUREtrust’s Incident Response Plan Guide, which is available to all INSUREtrust agents and insureds, free of charge.  If you would like more information about this service, please contact us at [email protected].