Responding To A Data Breach

Avoid unforced errors and focus on timely resolution

If your organization experiences a data security breach, the most important thing you can do is react appropriately.  Ignoring it will most certainly not make it go away. Poorly coordinated, knee-jerk responses with no planning or strategy are almost as bad as ignoring the situation.  However, a well-planned response by a team of people who have trained together and who follow an Incident Response Plan, along with the necessary technical and crisis management assistance, can significantly reduce the overall impact that your organization will suffer as a result of the breach.

Effective response starts before the breach through the creation of an Incident Response Team.  This team should include your organization's senior management, security, IT services, legal, HR, and operations staff for each business line or division.  The team should create an Incident Response Plan (IRP) and test this plan through tabletop exercises, where each participant understands the role they must play according to the plan.  Changes to the plan should be made based on testing outcomes so that it better fits the organization.

Organizations should also understand any gaps that exist in their ability to respond and seek outside, expert help to close those gaps.  Outside legal counsel specializing in cybersecurity, crisis management providers, and Incident Response firms are commonly retained to augment an organization's capabilities in the event of a breach.

If a breach is declared, your organization should immediately convene the Incident Response Team and follow the plan.  Retained third-party support (legal and breach response partners) should be notified and engaged according to the plan. 

During a breach, the most important factor to minimizing impact is the time it takes to respond and recover. The faster an organization can understand what occurred and how it happened, the quicker a fix for the root cause issues can be developed and executed. When Ingalls is engaged, our team will work with your organization to understand what is known about the incident, develop plans that may involve the deployment of additional tools necessary to investigate and contain the incident, work with your organization to expel any attacker presence, and eradicate any attacker tools that are found.  We will provide a detailed report of any findings associated with the Incident Response and assist in administrative tasks such as filing insurance claims and other reporting efforts.  Finally, we offer our Managed Detection and Response (MDR) services once the breach has been resolved, so that your organization can plug any gaps that led to the breach and respond immediately in the event of any future incidents.

Ingalls Information Security has responded to many different types of data breaches. We have witnessed organizations who had no plan or coordination struggle to effectively recover, and we've provided the necessary crisis management and technical capabilities to fix these issues and get our clients back to normal operations as efficiently as possible.  If your organization is suffering a breach and you need assistance, call our emergency 24x7 hotline at 877-461-4488.

Contact Us

If you are concerned about a potential breach or if you are currently experiencing a breach and require immediate assistance, contact our 24x7x365 Emergency Hotline:

877-461-4488

Ingalls Information Security
TOP