How You Deal With a Data Breach Crisis Can Determine Everything


When it comes to data breaches, there are far more effective crisis management models than the incident-response lifecycle model from NIST adopted by most organizations. One such practical crisis management model moves through four phases.

These phases are:

  1. Pre-crisis phase: Warnings and precursors that must be acted upon and that can empower responders to reduce the impact of the crisis when it takes place.
  2. Heart of the crisis: An acute phase when the crisis has become visible outside the company, and there is an urgent call from the leadership to address it.
  3. Litigation phase: Also regarded as chronic, this stage is when the media exposes the incident, internal scrutiny begins to take place, and the government oversight analysis begins. This stage could sometimes last for years.
  4. Settlement: The resolution stage is where the dust settles, and regular activities begin to resume for the organization.

This model can work for data breach incidents. The pre-crisis phase could include an intrusion detection system as well as proactive data security tools such as digital rights management (DRM) to prevent a data breach from taking place. The remaining three phases, including media exposure, lawsuits, internal investigations, public clamor, and the final resolution stage, are phases that every company must prepare for in advance.

The objective of crisis management is to address the pre-crisis phase successfully, so that the company can go from the first stage to the resolution stage without sinking into the acute and chronic phases for years. This model can be applied to data breaches and can be the most suitable way of addressing one. Ideally, the best way to manage confidential documents and data is to prevent leakage from occurring in the first place. This can be made possible through digital rights management or a similar rights management solution.

Unfortunately, if a company is unable to prevent data leakage, the next best option is to depend upon a robust detection and data breach response program. This can enable the IT security team to recognize and respond to the early signs of a threat and institute adequate reactive measures to reduce the risk of data exposure.

Some of the critical elements of a robust detection and response program include dynamic network instrumentation, monitored logins, and timely alerts. If a data breach reaches the acute crisis stage, it is essential to have robust crisis management and crisis communications processes in place. Of these, crisis communications are vital.

It is not enough for a company to manage the data breach crisis itself; the organization must also take every measure to manage the perception of the crisis.

When an entity plans for a data breach, it typically emphasizes only the technical aspects of the response efforts. These include:

  • Enhancing firewall rules and protocols
  • Updating anti-spyware and anti-rootkit protection on endpoint systems
  • Ensuring evidence is preserved

However, if there is one aspect that most organizations neglect more than any other when planning for a data breach, it is crisis communications. Despite historical evidence and recent instances, companies continue to turn data breaches into reputational disasters through repeated communications blunders.

The end goal of crisis communications is to ensure that you manage the perception of the actual facts. It means telling the world at large what is taking place, or what you want the world to know about what is going on.

Crisis communications are akin to shaping the opinions of the people.

In a crisis following a data breach incident, a non-existent communication strategy or an inadequate communications measure can result in more long-lasting damage to the brand and the company than the actual harm caused by the data breach itself. In the event of a data breach, it is crucial to interact with your primary stakeholders such as consumers, the workforce, shareholders, government agencies, and the media.

However, such communications are often created half-heartedly and without much thought. In some cases, several staff members of a breached organization have spoken to the media simultaneously. This results in mixed messages, causing more chaos and panic among victims and the public.

On the other hand, some companies go into long periods of silence, leaving the public with no answers, a lack of assurance, and a pervasive sense of mistrust. And while crisis communications are essential, it is even more critical to ensure that your classified and sensitive documents are protected with a robust data security tool to prevent your protected content from being breached in the first place.

A digital rights management solution or software can control the sharing of your confidential documents and give you the ability to restrict data downloads, printing, and transmission effectively. Through the solution, you can efficiently regulate and revoke access to your protected content at any time. Further, you can also prevent your content from being forwarded to unauthorized people and set expiration dates to ensure document retention policies are adhered to.

Balaganesh is an Incident Responder, Certified Ethical Hacker, Penetration Tester, Security blogger, Founder & Author of Soc Investigation.

