Your Data's Been Breached - What Do You Do Now?

#pubcon
Your Data’s Been Breached –
What Do You Do Now?!?!

View Slide

#pubcon
About Me
#Me:
• CTO, ROCeteer
• Early Employee at Evernote & Spirit Airlines
• International Executive Coach, Advisor, TEDx
Speaker, Presenter and Author
• Coach, Mentor and Advisor for Universities,
Entrepreneurial Ecosystems, Incubators and
Accelerators
• 2016 Top Writer, Quora
• 2015 & 2016 Mentor/Coach and Female
Executive of the Year
•

View Slide

#pubcon
Everyone Gets Hacked, Eventually

View Slide

#pubcon
Drill Time!
It’s Friday at 5 before a holiday weekend….
Phone rings – “We’ve had a breach!"
Panic ensues - Nobody is completely sure what
happened.

View Slide

#pubcon
The Situation
Hacker impersonates your company’s CEO and sends
an email to the CFO requesting that she immediately
be sent employee W-2s, and various customer
information.
Your company’s CFO responds as directed sending
the requested information, only finding out later
that something was wrong.

View Slide

#pubcon
Primary Concerns
Understanding What Happened
Containing the Breach
Legal Compliance
Customer Relations

View Slide

#pubcon
Pull Out Your Playbook!
Responding to a data breach incident can present
unique challenges:
Significant potential exposure
Quickly evolving facts
Short response times
A thorough and timely response is virtually
impossible absent advanced planning.

View Slide

#pubcon
Quiz Time!
First Steps
1. Contact the authorities
2. Contact your legal counsel
3. Turn off your systems
4. Contact your PR firm
5. Retain an external forensic consultant/expert
6. Inform your data breach response team

View Slide

#pubcon
When Notifying Your Team
Notify those in your organization of the incident who
need to know.
ØNot every incident constitutes a breach that would lawfully
require notification.
ØNote the date and time of the discovery of the incident.
ØBe aware that internal communications could be discoverable
- be very careful what you say and how you say it.

View Slide

#pubcon
What You Need
Data Breach Incident Response Team – varies by breach but can
include:
An executive with decision making authority
A team leader responsible for handling the overall data breach
response (deals with counsel, IT consultants, coordinates PR, etc.)
Internal security and IT personnel with access to systems and
permissions
Legal (inside and outside counsel) – preserve privilege!
Public Relations (internal and possibly external)
External forensics advisors
HR (if employees affected)
Finance (breaches involving loss of financial information)

View Slide

#pubcon
Quiz Time!
Second Steps
1. Turn off your systems
2. Notify state authorities
3. Secure and preserve evidence
4. Analyze the breach
6. Contact insurance carrier

View Slide

#pubcon
Securing the Scene
Secure and prevent physical access to affected systems
• Preserve computer logs
• If vendor caused the breach - request retention and copies of
relevant evidence, e.g., forensic server images; logs; tracking
information; video surveillance; e-mail
Await forensics team advice and…
• Do not probe system and alert intruders
• Leave affected systems running so evidence in temporary memory
is preserved (may recommend imaging system, leave this to the
experts!)
• Avoid running antivirus programs – may destroy evidence

View Slide

#pubcon
Getting Answers
Investigate the breach to determine what type of data involved,
circumstances involved, how may people are affected.
• Carefully plan/strategize the investigation before you begin.
• Document the steps and findings.
• Date and time of breach
• Who discovered the breach
• Nature of the breach
• Data taken or compromised
Employee interviews may be appropriate (a high percentage of
breaches are by employees)
• Employees who had access to affected systems
• Employees terminated within the last 90-120 days

View Slide

#pubcon
Protecting The Bottom Line
The demand for cyber insurance has increased significantly in
response to sharply heightened risk awareness.
• Cyber insurance is a developing product; no standard forms in
relation to data breach coverage
• Network security risks
• Media liability risks, which covers claims related to slander, libel
and defamation
• Extortion liability
• Business interruption costs

View Slide

#pubcon
Quiz Time!
Third Steps
1. Contact state authorities
2. Contact federal authorities
4. Report credit card breaches to credit card companies
5. Analyze legal obligations
6. Notify customer and/or employees potentially impacted
Assuming personal information has been
disclosed then….

View Slide

#pubcon
Should You Report It?
State Authorities: Determine which states laws apply
Ø Time-Sensitive Notification: States have differing requirements on when and how
notifications must be sent out to individuals.
ØRisk of Harm Analysis: Some states allow for exceptions to their notification
requirements upon an assessment of the risk of harm to the affected individuals.
ØEncryption Safe Harbor: States have different laws affecting the definition of a breach
and the notification requirements based on whether the data was encrypted.
ØPrivate Cause of Action: Some states explicitly allow for a private cause of action
resulting from a data breach; others explicitly exclude such a cause of action from their
statutes.
ØPaper or Electronic: States also differ as to whether their laws affect only electronic
materials, paper materials, or both.
Federal Authorities
GDPR - EU Residents

View Slide

#pubcon
Remediation
Assistance to Affected Customers and Employees
May want to offer at company’s expense:
ØCredit monitoring services
ØIdentity theft services
ØOther
Public Relations will depend upon the nature and scope of breach
ØEngage PR firm?
ØClient PR team only?
ØBusiness decision, but PR needs to work with legal to avoid
admissions against interest, loss of privilege, etc.

View Slide

#pubcon
Public Inquiry
Public inquiry response – response plan and response team
May receive numerous inquiries from the public and affected
individuals
Toll-free number or email address for inquiries
Train call center employees or outsource to service provider
Website FAQs

View Slide

#pubcon
Legal Issues
Disputes between controllers and processors
May come down to the language of the processing agreement
Issues can involve processor’s obligations to cover the controller’s costs
Legal fees, data breach remediation, costs of notification,
forensic consultants and other consultants
Agreements may be silent on these issues or contain limitations on liability that
affect ability to recover
The process of dispute resolution can be a long and ongoing process
Credit Card Company Agreements
ØMay impose liability for the breach
ØMay require PCI-certified forensic analyst and report
Insurance Coverage Disputes

View Slide

#pubcon
Summary
ØCurrent knowledge on tools, standards, risks
Have a CISO or single name for data security
Regular penetration testing
Investigate network warnings immediately
ØBuild security around obligations, risks and types of data
Log what goes out and what comes in
Internal Encryption
Segmented System
Access Management
ØAppropriate budget for security
ØPre-planning for incidents/breaches
ØAppropriate, and regular training

View Slide

#pubcon
...the ability to Transcend Awesome awaits :)
[email protected]
Remember...

View Slide

Your Data's Been Breached - What Do You Do Now?

Your Data's Been Breached - What Do You Do Now?

heathriel

More Decks by heathriel

Other Decks in Technology

Featured

Transcript