SlideShare ist ein Scribd-Unternehmen logo

Data Breach Response: A Guide for Business

- Mark - Fullbright
- Mark - Fullbright

This guide addresses the steps to take once a breach has occured. For advice on implementing a plan to protect consumers’ personal information, to prevent breaches and unauthorized access, check out the FTC’s Protecting Personal Information: A Guide for Business and Start with Security: A Guide for Business. *Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.

Bildung
1 von 16
Downloaden Sie, um offline zu lesen
DATA BREACH RESPONSE Federal Trade Commission | business.ftc.gov A Guide for Business
You just learned that your business experienced a data breach. Whether hackers took personal information from your corporate server, an insider stole customer information, or information was inadvertently exposed on your company’s website, you are probably wondering what to do next. What steps should you take and whom should you contact if personal information may have been exposed? Although the answers vary from case to case, the following guidance from the Federal Trade Commission (FTC) can help you make smart, sound decisions. This guide addresses the steps to take once a breach has occured. For advice on implementing a plan to protect consumers’ personal information, to prevent breaches and unauthorized access, check out the FTC’s Protecting Personal Information: A Guide for Business and Start with Security: A Guide for Business.
1 Secure Your Operations Move quickly to secure your systems and fix vulnerabilities that may have caused the breach. The only thing worse than a data breach is multiple data breaches. Take steps so it doesn’t happen again. Mobilize your breach response team right away to prevent additional data loss. The exact steps to take depend on the nature of the breach and the structure of your business. Assemble a team of experts to conduct a comprehensive breach response. Depending on the size and nature of your company, they may include forensics, legal, information security, information technology, operations, human resources, communications, investor relations, and management. • Identify a data forensics team. Consider hiring independent forensic investigators to help you determine the source and scope of the breach. They will capture forensic images of affected systems, collect and analyze evidence, and outline remediation steps. • Consult with legal counsel. Talk to your legal counsel. Then, you may consider hiring outside legal counsel with privacy and data security expertise. They can advise you on federal and state laws that may be implicated by a breach. Secure physical areas potentially related to the breach. Lock them and change access codes, if needed. Ask your forensics experts and law enforcement when it is reasonable to resume regular operations.
2 Stop additional data loss. Take all affected equipment offline immediately— but don’t turn any machines off until the forensic experts arrive. Closely monitor all entry and exit points, especially those involved in the breach. If possible, put clean machines online in place of affected ones. In addition, update credentials and passwords of authorized users. If a hacker stole credentials, your system will remain vulnerable until you change those credentials, even if you’ve removed the hacker’s tools. Remove improperly posted information from the web. • Your website: If the data breach involved personal information improperly posted on your website, immediately remove it. Be aware that internet search engines store, or “cache,” information for a period of time. You can contact the search engines to ensure that they don’t archive personal information posted in error. • Other websites: Search for your company’s exposed data to make sure that no other websites have saved a copy. If you find any, contact those sites and ask them to remove it. Interview people who discovered the breach. Also, talk with anyone else who may know about it. If you have a customer service center, make sure the staff knows where to forward information that may aid your investigation of the breach. Document your investigation. Do not destroy evidence. Don’t destroy any forensic evidence in the course of your investigation and remediation.
3 Fix Vulnerabilities Think about service providers. If service providers were involved, examine what personal information they can access and decide if you need to change their access privileges. Also, ensure your service providers are taking the necessary steps to make sure another breach does not occur. If your service providers say they have remedied vulnerabilities, verify that they really fixed things. Check your network segmentation. When you set up your network, you likely segmented it so that a breach on one server or in one site could not lead to a breach on another server or site. Work with your forensics experts to analyze whether your segmentation plan was effective in containing the breach. If you need to make any changes, do so now. Work with your forensics experts. Find out if measures such as encryption were enabled when the breach happened. Analyze backup or preserved data. Review logs to determine who had access to the data at the time of the breach. Also, analyze who currently has access, determine whether that access is needed, and restrict access if it is not. Verify the types of information compromised, the number of people affected, and whether you have contact information for those people. When you get the forensic reports, take the recommended remedial measures as soon as possible. Have a communications plan. Create a comprehensive plan that reaches all affected audiences — employees, customers, investors, business partners, and other stakeholders. Don’t make misleading statements about the breach. And don’t withhold key details that might help consumers protect themselves and their information. Also, don’t publicly share information that might put consumers at further risk.
4 Anticipate questions that people will ask. Then, put top tier questions and clear, plain-language answers on your website where they are easy to find. Good communication up front can limit customers’ concerns and frustration, saving your company time and money later. Notify Appropriate Parties When your business experiences a data breach, notify law enforcement, other affected businesses, and affected individuals. Determine your legal requirements. Most states, the District of Columbia, Puerto Rico, and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. In addition, depending on the types of information involved in the breach, there may be other laws or regulations that apply to your situation. Check state and federal laws or regulations for any specific requirements for your business. Notify Law Enforcement Call your local police department immediately. Report your situation and the potential risk for identity theft. The sooner law enforcement learns about the theft, the more effective they can be. If your local police aren’t familiar with investigating information compromises, contact the local office of the FBI or the U.S. Secret Service. For incidents involving mail theft, contact the U.S. Postal Inspection Service.
5 Did the breach involve electronic health information? Then check if you’re covered by the Health Breach Notification Rule. If so, you must notify the FTC and in some cases, the media. Complying with the FTC’s Health Breach Notification Rule explains who you must notify, and when. Also, check if you’re covered by the HIPAA Breach Notification Rule. If so, you must notify the Secretary of the U.S. Department of Health and Human Services (HHS) and in some cases, the media. HHS’s Breach Notification Rule explains who you must notify, and when. Notify Affected Businesses If account access information—say, credit card or bank account numbers—has been stolen from you, but you don’t maintain the accounts, notify the institution that does so it can monitor the accounts for fraudulent activity. Health Breach Resources HIPAA Breach Notification Rule: hhs.gov/hipaa/for-professionals/breach-notification HHS HIPAA Breach Notification Form: hhs.gov/hipaa/for-professionals/breach-notification/ breach-reporting Complying with the FTC’s Health Breach Notification Rule: ftc.gov/healthbreachnotificationrule
6 If you collect or store personal information on behalf of other businesses, notify them of the data breach. If names and Social Security numbers have been stolen, contact the major credit bureaus for additional information or advice. If the compromise may involve a large group of people, advise the credit bureaus if you are recommending that people request fraud alerts and credit freezes for their files. Equifax: equifax.com or 1-800-525-6285 Experian: experian.com or 1-888-397-3742 TransUnion: transunion.com or 1-800-680-7289 Notify Individuals If you quickly notify people that their personal information has been compromised, they can take steps to reduce the chance that their information will be misused. In deciding who to notify, and how, consider: • state laws • the nature of the compromise • the type of information taken • the likelihood of misuse • the potential damage if the information is misused For example, thieves who have stolen names and Social Security numbers can use that information not only to sign up for new accounts in the victim’s name but also to commit tax identity theft. People who are notified early can take steps to limit the damage.
7 When notifying individuals, the FTC recommends you: • consult with your law enforcement contact about the timing of the notification so it doesn’t impede the investigation. • designate a point person within your organization for releasing information. Give the contact person the latest information about the breach, your response, and how individuals should respond. Consider using letters (see sample on page 10), websites, and toll-free numbers to communicate with people whose information may have been compromised. If you don’t have contact information for all of the affected individuals, you can build an extensive public relations campaign into your communications plan, including press releases or other news media notification. • consider offering at least a year of free credit monitoring or other support such as identity theft protection or identity restoration services, particularly if financial information or Social Security numbers were exposed. When such information is exposed, thieves may use it to open new accounts. Most states have breach notification laws that tell you what information you must, or must not, provide in your breach notice. In general, unless your state law says otherwise, you’ll want to: • clearly describe what you know about the compromise. Include: »» how it happened »» what information was taken »» how the thieves have used the information (if you know)
8 »» what actions you have taken to remedy the situation »» what actions you are taking to protect individuals, such as offering free credit monitoring services »» how to reach the relevant contacts in your organization Consult with your law enforcement contact about what information to include so your notice doesn’t hamper the investigation. • Tell people what steps they can take, given the type of information exposed, and provide relevant contact information. For example, people whose Social Security numbers have been stolen should contact the credit bureaus to ask that fraud alerts or credit freezes be placed on their credit reports and contact the IRS Identity Protection Specialized Unit at 1-800-908-4490. See IdentityTheft.gov/databreach for information on appropriate follow-up steps after a compromise, depending on the type of personal information that was exposed. Consider adding this information as an attachment to your breach notification letter, as we’ve done in the model letter on page 10. • Include current information about how to recover from identity theft. For a list of recovery steps, refer consumers to IdentityTheft.gov. • Consider providing information about the law enforcement agency working on the case, if the law enforcement agency agrees that would help. Identity theft victims often can provide important information to law enforcement.
9 • Encourage people who discover that their information has been misused to file a complaint with the FTC, using IdentityTheft.gov. This information is entered into the Consumer Sentinel Network, a secure, online database available to civil and criminal law enforcement agencies. • Describe how you’ll contact consumers in the future. For example, if you’ll only contact consumers by mail, then say so. If you won’t ever call them about the breach, then let them know. This information may help victims avoid phishing scams tied to the breach, while also helping to protect your company’s reputation. Some organizations tell consumers that updates will be posted on their website. This gives consumers a place they can go at any time to see the latest information. Model Letter The following letter is a model for notifying people whose names and Social Security numbers have been stolen. When Social Security numbers have been stolen, it’s important to advise people to place a free fraud alert on their credit reports. A fraud alert may hinder identity thieves from getting credit with stolen information because it’s a signal to creditors to contact the consumer before opening new accounts or changing existing accounts. Also, advise consumers to consider placing a credit freeze on their file. The cost to place and lift a freeze depends on state law.
10 [Name of Company/Logo] Date: [Insert Date] NOTICE OF DATA BREACH Dear [Insert Name]: We are contacting you about a data breach that has occurred at [insert Company Name]. What Happened? [Describe how the data breach happened, the date of the breach, and how the stolen information has been misused (if you know)]. What Information Was Involved? This incident involved your [describe the type of personal information that may have been exposed due to the breach]. What We Are Doing [Describe how you are responding to the data breach, including: what actions you’ve taken to remedy the situation; what steps you are taking to protect individuals whose information has been breached; and what services you are offering (like credit monitoring or identity theft restoration services).] What You Can Do We recommend that you place a fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or
11 change your existing accounts. Call any one of the three major credit bureaus. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for 90 days. You can renew it after 90 days. Equifax: equifax.com or 1-800-525-6285 Experian: experian.com or 1-888-397-3742 TransUnion: transunion.com or 1-800-680-7289 Request that all three credit reports be sent to you, free of charge, for your review. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Thieves may hold stolen information to use at different times. Checking your credit reports periodically can help you spot problems and address them quickly. If you find suspicious activity on your credit reports or have reason to believe your information is being misused, file a police report and call [insert contact information for law enforcement if authorized to do so]. Get a copy of the police report; you may need it to clear up the fraudulent debts. If your personal information has been misused, visit the FTC’s site at IdentityTheft.gov to get recovery steps and to file an identity theft complaint. Your complaint will be added to the FTC’s Consumer Sentinel Network, where it will be accessible to law enforcers for their investigations.
12 You also may want to consider contacting the major credit bureaus at the telephone numbers above to place a credit freeze on your credit file. A credit freeze means potential creditors cannot get your credit report. That makes it less likely that an identify thief can open new accounts in your name. The cost to place and lift a freeze depends on state law. Find your state Attorney General’s office at naag.org to learn more. We have enclosed a copy of Identity Theft: A Recovery Plan, a comprehensive guide from the FTC to help you guard against and deal with identity theft. We’ve also attached information from IdentityTheft.gov about steps you can take to help protect yourself from identity theft, depending on the type of information exposed. Other Important Information [Insert other important information here.] For More Information Call [telephone number] or go to [Internet website]. [State how additional information or updates will be shared/or where they will be posted.] [Insert Closing] [Your Name]
What information was lost or exposed? Social Security number ☐☐ If a company responsible for exposing your information offers you free credit monitoring, take advantage of it. ☐☐ Get your free credit reports from annualcreditreport.com. Check for any accounts or charges you don’t recognize. ☐☐ Consider placing a credit freeze. A credit freeze makes it harder for someone to open a new account in your name. •• If you place a freeze, be ready to take a few extra steps the next time you apply for a new credit card or cell phone —or any service that requires a credit check. •• If you decide not to place a credit freeze, at least consider placing a fraud alert. ☐☐ Try to file your taxes early — before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS. ☐☐ Don’t believe anyone who calls and says you’ll be arrested unless you pay for taxes or debt — even if they have part or all of your Social Security number, or they say they’re from the IRS. ☐☐ Continue to check your credit reports at annualcreditreport.com. You can order a free report from each of the three credit reporting companies once a year. FEDERAL TRADE COMMISSION IdentityTheft.gov Consider attaching the relevant section from IdentityTheft.gov, based on the type of information exposed in the breach. This is for a data breach involving Social Security numbers. There is similar information about other types of personal information. Optional Attachment
For More Guidance From the FTC This publication provides general guidance for an organization that has experienced a data breach. If you’d like more individualized guidance, you may contact the FTC at 1-877-ID-THEFT (877-438-4338). Please provide information regarding what has occurred, including the type of information taken, the number of people potentially affected, your contact information, and contact information for the law enforcement agent with whom you are working. The FTC can prepare its Consumer Response Center for calls from the people affected, help law enforcement with information from its national victim complaint database, and provide you with additional guidance as necessary. Because the FTC has a law enforcement role with respect to information privacy, you may seek guidance anonymously. For additional information and resources, please visit business.ftc.gov. Federal Trade Commission business.ftc.gov September 2016

Empfohlen

Information Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your BusinessInformation Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your Business- Mark - Fullbright
 
Can domain intelligence help healthcare service providers combat data breaches
Can domain intelligence help healthcare service providers combat data breachesCan domain intelligence help healthcare service providers combat data breaches
Can domain intelligence help healthcare service providers combat data breachesWhoisXML API
 
Privacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to KnowPrivacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to KnowThe Capital Network
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation tomasztopa
 
Cyber security and fl data breach
Cyber security and fl data breachCyber security and fl data breach
Cyber security and fl data breachRob Jackson
 
Privacy - USC 2005
Privacy - USC 2005Privacy - USC 2005
Privacy - USC 2005Internet Law Center
 
Key Insights from the 2019 Legal Trends Report
Key Insights from the 2019 Legal Trends ReportKey Insights from the 2019 Legal Trends Report
Key Insights from the 2019 Legal Trends ReportClio - Cloud-Based Legal Technology
 
How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?Clio - Cloud-Based Legal Technology
 

Empfohlen

Information Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your BusinessInformation Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your Business- Mark - Fullbright
 
Can domain intelligence help healthcare service providers combat data breaches
Can domain intelligence help healthcare service providers combat data breachesCan domain intelligence help healthcare service providers combat data breaches
Can domain intelligence help healthcare service providers combat data breachesWhoisXML API
 
Privacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to KnowPrivacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to KnowThe Capital Network
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation tomasztopa
 
Cyber security and fl data breach
Cyber security and fl data breachCyber security and fl data breach
Cyber security and fl data breachRob Jackson
 
Privacy - USC 2005
Privacy - USC 2005Privacy - USC 2005
Privacy - USC 2005Internet Law Center
 
Key Insights from the 2019 Legal Trends Report
Key Insights from the 2019 Legal Trends ReportKey Insights from the 2019 Legal Trends Report
Key Insights from the 2019 Legal Trends ReportClio - Cloud-Based Legal Technology
 
How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?Clio - Cloud-Based Legal Technology
 
What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breachOregon Law Practice Management
 
Data security
Data securityData security
Data securityoco26
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentationashishjoshi
 
Responding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachResponding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachCBIZ, Inc.
 
M6 - E Commerce - Integrity And Security
M6 - E Commerce - Integrity And SecurityM6 - E Commerce - Integrity And Security
M6 - E Commerce - Integrity And SecurityJamie Hutt
 
Phishers
PhishersPhishers
Phishers- Mark - Fullbright
 
IST Presentation
IST PresentationIST Presentation
IST Presentationguest1d1ed5
 
HIPAA Breach NotificationRule - What you must do to comply - By Compliance Gl...
HIPAA Breach NotificationRule - What you must do to comply - By Compliance Gl...HIPAA Breach NotificationRule - What you must do to comply - By Compliance Gl...
HIPAA Breach NotificationRule - What you must do to comply - By Compliance Gl...Compliance Global Inc
 
Identity Theft: How to Avoid It
Identity Theft: How to Avoid ItIdentity Theft: How to Avoid It
Identity Theft: How to Avoid Ithewie
 
Why can’t police catch cyber criminals
Why can’t police catch cyber criminalsWhy can’t police catch cyber criminals
Why can’t police catch cyber criminalsChip Thornsburg
 
Webinar: Gathering Social Media Evidence
Webinar: Gathering Social Media EvidenceWebinar: Gathering Social Media Evidence
Webinar: Gathering Social Media EvidenceCase IQ
 
Protecting PHI with encryption for HIPAA compliance
Protecting PHI with encryption for HIPAA complianceProtecting PHI with encryption for HIPAA compliance
Protecting PHI with encryption for HIPAA complianceTodd Merrill
 
EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?Winston & Strawn LLP
 
Internet use issues
Internet use issues Internet use issues
Internet use issues computers 11
 
How to Prevent ID Theft
How to Prevent ID TheftHow to Prevent ID Theft
How to Prevent ID Thefthewie
 
Social Media in the Workplace and Beyond
Social Media in the Workplace and BeyondSocial Media in the Workplace and Beyond
Social Media in the Workplace and BeyondAlexNemiroff
 
Tips to Protect Your Organization from Data Breaches and Identity Theft
Tips to Protect Your Organization from Data Breaches and Identity TheftTips to Protect Your Organization from Data Breaches and Identity Theft
Tips to Protect Your Organization from Data Breaches and Identity TheftCase IQ
 
Identity Theft Red Flags Rule for Business
Identity Theft Red Flags Rule for BusinessIdentity Theft Red Flags Rule for Business
Identity Theft Red Flags Rule for BusinessHerring Consulting & Financial Group
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacyvinyas87
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidanceAmy Purcell
 
GlobalCollect Data Breach Factsheet
GlobalCollect Data Breach FactsheetGlobalCollect Data Breach Factsheet
GlobalCollect Data Breach FactsheetIngenico ePayments
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...- Mark - Fullbright
 

Weitere ähnliche Inhalte

Was ist angesagt?

Data security
Data securityData security
Data securityoco26
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentationashishjoshi
 
Responding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachResponding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachCBIZ, Inc.
 
M6 - E Commerce - Integrity And Security
M6 - E Commerce - Integrity And SecurityM6 - E Commerce - Integrity And Security
M6 - E Commerce - Integrity And SecurityJamie Hutt
 
IST Presentation
IST PresentationIST Presentation
IST Presentationguest1d1ed5
 
HIPAA Breach NotificationRule - What you must do to comply - By Compliance Gl...
HIPAA Breach NotificationRule - What you must do to comply - By Compliance Gl...HIPAA Breach NotificationRule - What you must do to comply - By Compliance Gl...
HIPAA Breach NotificationRule - What you must do to comply - By Compliance Gl...Compliance Global Inc
 
Identity Theft: How to Avoid It
Identity Theft: How to Avoid ItIdentity Theft: How to Avoid It
Identity Theft: How to Avoid Ithewie
 
Why can’t police catch cyber criminals
Why can’t police catch cyber criminalsWhy can’t police catch cyber criminals
Why can’t police catch cyber criminalsChip Thornsburg
 
Webinar: Gathering Social Media Evidence
Webinar: Gathering Social Media EvidenceWebinar: Gathering Social Media Evidence
Webinar: Gathering Social Media EvidenceCase IQ
 
Protecting PHI with encryption for HIPAA compliance
Protecting PHI with encryption for HIPAA complianceProtecting PHI with encryption for HIPAA compliance
Protecting PHI with encryption for HIPAA complianceTodd Merrill
 
EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?Winston & Strawn LLP
 
Internet use issues
Internet use issues Internet use issues
Internet use issues computers 11
 
How to Prevent ID Theft
How to Prevent ID TheftHow to Prevent ID Theft
How to Prevent ID Thefthewie
 
Social Media in the Workplace and Beyond
Social Media in the Workplace and BeyondSocial Media in the Workplace and Beyond
Social Media in the Workplace and BeyondAlexNemiroff
 
Tips to Protect Your Organization from Data Breaches and Identity Theft
Tips to Protect Your Organization from Data Breaches and Identity TheftTips to Protect Your Organization from Data Breaches and Identity Theft
Tips to Protect Your Organization from Data Breaches and Identity TheftCase IQ
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacyvinyas87
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidanceAmy Purcell
 

Was ist angesagt? (20)

What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breach
 
Data security
Data securityData security
Data security
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentation
 
Responding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachResponding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data Breach
 
M6 - E Commerce - Integrity And Security
M6 - E Commerce - Integrity And SecurityM6 - E Commerce - Integrity And Security
M6 - E Commerce - Integrity And Security
 
Phishers
PhishersPhishers
Phishers
 
IST Presentation
IST PresentationIST Presentation
IST Presentation
 
HIPAA Breach NotificationRule - What you must do to comply - By Compliance Gl...
HIPAA Breach NotificationRule - What you must do to comply - By Compliance Gl...HIPAA Breach NotificationRule - What you must do to comply - By Compliance Gl...
HIPAA Breach NotificationRule - What you must do to comply - By Compliance Gl...
 
Identity Theft: How to Avoid It
Identity Theft: How to Avoid ItIdentity Theft: How to Avoid It
Identity Theft: How to Avoid It
 
Why can’t police catch cyber criminals
Why can’t police catch cyber criminalsWhy can’t police catch cyber criminals
Why can’t police catch cyber criminals
 
Webinar: Gathering Social Media Evidence
Webinar: Gathering Social Media EvidenceWebinar: Gathering Social Media Evidence
Webinar: Gathering Social Media Evidence
 
Protecting PHI with encryption for HIPAA compliance
Protecting PHI with encryption for HIPAA complianceProtecting PHI with encryption for HIPAA compliance
Protecting PHI with encryption for HIPAA compliance
 
EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?
 
Internet use issues
Internet use issues Internet use issues
Internet use issues
 
How to Prevent ID Theft
How to Prevent ID TheftHow to Prevent ID Theft
How to Prevent ID Theft
 
Social Media in the Workplace and Beyond
Social Media in the Workplace and BeyondSocial Media in the Workplace and Beyond
Social Media in the Workplace and Beyond
 
Tips to Protect Your Organization from Data Breaches and Identity Theft
Tips to Protect Your Organization from Data Breaches and Identity TheftTips to Protect Your Organization from Data Breaches and Identity Theft
Tips to Protect Your Organization from Data Breaches and Identity Theft
 
Identity Theft Red Flags Rule for Business
Identity Theft Red Flags Rule for BusinessIdentity Theft Red Flags Rule for Business
Identity Theft Red Flags Rule for Business
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacy
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and Avoidance
 

Ähnlich wie Data Breach Response: A Guide for Business

GlobalCollect Data Breach Factsheet
GlobalCollect Data Breach FactsheetGlobalCollect Data Breach Factsheet
GlobalCollect Data Breach FactsheetIngenico ePayments
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...- Mark - Fullbright
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach SecurityMetrics
 
Healthcare preparedness 2010
Healthcare preparedness 2010Healthcare preparedness 2010
Healthcare preparedness 2010DataMotion
 
Healthcare preparedness 2010
Healthcare preparedness 2010Healthcare preparedness 2010
Healthcare preparedness 2010DataMotion
 
Data Breach Response: Before and After the Breach
Data Breach Response: Before and After the BreachData Breach Response: Before and After the Breach
Data Breach Response: Before and After the BreachFinancial Poise
 
FTC Protecting Info A Guide For Business Powerpoint
FTC Protecting Info A Guide For Business PowerpointFTC Protecting Info A Guide For Business Powerpoint
FTC Protecting Info A Guide For Business PowerpointBucacci Business Solutions
 
I’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take nextI’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take nextBrian Pichman
 
I’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextI’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextBrian Pichman
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Experion Data Breach Response Excerpts
Experion Data Breach Response ExcerptsExperion Data Breach Response Excerpts
Experion Data Breach Response ExcerptsPeter Henley
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 
Australian Privacy Principles - Updates presented by WiTH Collective & Marque...
Australian Privacy Principles - Updates presented by WiTH Collective & Marque...Australian Privacy Principles - Updates presented by WiTH Collective & Marque...
Australian Privacy Principles - Updates presented by WiTH Collective & Marque...WiTH Collective
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentDonald E. Hester
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsFinancial Poise
 
wp-analyzing-breaches-by-industry
wp-analyzing-breaches-by-industrywp-analyzing-breaches-by-industry
wp-analyzing-breaches-by-industryNumaan Huq
 
2014-2015-data-breach-response-guide
2014-2015-data-breach-response-guide2014-2015-data-breach-response-guide
2014-2015-data-breach-response-guideJames Fisher
 
Hacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetHacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetLexisNexis
 

Ähnlich wie Data Breach Response: A Guide for Business (20)

GlobalCollect Data Breach Factsheet
GlobalCollect Data Breach FactsheetGlobalCollect Data Breach Factsheet
GlobalCollect Data Breach Factsheet
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach
 
Healthcare preparedness 2010
Healthcare preparedness 2010Healthcare preparedness 2010
Healthcare preparedness 2010
 
Healthcare preparedness 2010
Healthcare preparedness 2010Healthcare preparedness 2010
Healthcare preparedness 2010
 
Data Breach Response: Before and After the Breach
Data Breach Response: Before and After the BreachData Breach Response: Before and After the Breach
Data Breach Response: Before and After the Breach
 
FTC Protecting Info A Guide For Business Powerpoint
FTC Protecting Info A Guide For Business PowerpointFTC Protecting Info A Guide For Business Powerpoint
FTC Protecting Info A Guide For Business Powerpoint
 
I’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take nextI’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take next
 
Gdpr in a nutshell
Gdpr in a nutshellGdpr in a nutshell
Gdpr in a nutshell
 
I’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextI’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take Next
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Experion Data Breach Response Excerpts
Experion Data Breach Response ExcerptsExperion Data Breach Response Excerpts
Experion Data Breach Response Excerpts
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
 
Australian Privacy Principles - Updates presented by WiTH Collective & Marque...
Australian Privacy Principles - Updates presented by WiTH Collective & Marque...Australian Privacy Principles - Updates presented by WiTH Collective & Marque...
Australian Privacy Principles - Updates presented by WiTH Collective & Marque...
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local Government
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and Requirements
 
wp-analyzing-breaches-by-industry
wp-analyzing-breaches-by-industrywp-analyzing-breaches-by-industry
wp-analyzing-breaches-by-industry
 
2014-2015-data-breach-response-guide
2014-2015-data-breach-response-guide2014-2015-data-breach-response-guide
2014-2015-data-breach-response-guide
 
Hacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetHacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder Target
 
HIPAA 2015 webinar
HIPAA 2015 webinarHIPAA 2015 webinar
HIPAA 2015 webinar
 

Mehr von - Mark - Fullbright

ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019- Mark - Fullbright
 
2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)- Mark - Fullbright
 
Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019- Mark - Fullbright
 
CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019- Mark - Fullbright
 
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...- Mark - Fullbright
 
2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)- Mark - Fullbright
 
2018 Privacy & Data Security Report
2018 Privacy & Data Security Report2018 Privacy & Data Security Report
2018 Privacy & Data Security Report- Mark - Fullbright
 
Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018 Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018 - Mark - Fullbright
 
The Geography of Medical Identity Theft
The Geography of Medical Identity TheftThe Geography of Medical Identity Theft
The Geography of Medical Identity Theft- Mark - Fullbright
 
Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017- Mark - Fullbright
 
Protecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for BusinessProtecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for Business- Mark - Fullbright
 
2017 Data Breach Investigations Report
2017 Data Breach Investigations Report2017 Data Breach Investigations Report
2017 Data Breach Investigations Report- Mark - Fullbright
 
Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016- Mark - Fullbright
 
Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015- Mark - Fullbright
 
Identity Theft - Proactive / Reactive First Steps
Identity Theft - Proactive / Reactive First Steps Identity Theft - Proactive / Reactive First Steps
Identity Theft - Proactive / Reactive First Steps - Mark - Fullbright
 

Mehr von - Mark - Fullbright (20)

ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019
 
IC3 2019 Internet Crime Report
IC3 2019 Internet Crime ReportIC3 2019 Internet Crime Report
IC3 2019 Internet Crime Report
 
Police, Protesters, Press, 2020
Police, Protesters, Press, 2020Police, Protesters, Press, 2020
Police, Protesters, Press, 2020
 
2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)
 
FCPA Guidance 2020
FCPA Guidance 2020FCPA Guidance 2020
FCPA Guidance 2020
 
Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019
 
CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019
 
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
 
2018 IC3 Report
2018 IC3 Report2018 IC3 Report
2018 IC3 Report
 
2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)
 
2018 Privacy & Data Security Report
2018 Privacy & Data Security Report2018 Privacy & Data Security Report
2018 Privacy & Data Security Report
 
Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018 Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018
 
Credit Score Explainer
Credit Score ExplainerCredit Score Explainer
Credit Score Explainer
 
The Geography of Medical Identity Theft
The Geography of Medical Identity TheftThe Geography of Medical Identity Theft
The Geography of Medical Identity Theft
 
Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017
 
Protecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for BusinessProtecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for Business
 
2017 Data Breach Investigations Report
2017 Data Breach Investigations Report2017 Data Breach Investigations Report
2017 Data Breach Investigations Report
 
Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016
 
Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015
 
Identity Theft - Proactive / Reactive First Steps
Identity Theft - Proactive / Reactive First Steps Identity Theft - Proactive / Reactive First Steps
Identity Theft - Proactive / Reactive First Steps
 

Kürzlich hochgeladen

How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxNikitaBankoti2
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 

Kürzlich hochgeladen (20)

How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 

Data Breach Response: A Guide for Business

  • 1. DATA BREACH RESPONSE Federal Trade Commission | business.ftc.gov A Guide for Business
  • 2. You just learned that your business experienced a data breach. Whether hackers took personal information from your corporate server, an insider stole customer information, or information was inadvertently exposed on your company’s website, you are probably wondering what to do next. What steps should you take and whom should you contact if personal information may have been exposed? Although the answers vary from case to case, the following guidance from the Federal Trade Commission (FTC) can help you make smart, sound decisions. This guide addresses the steps to take once a breach has occured. For advice on implementing a plan to protect consumers’ personal information, to prevent breaches and unauthorized access, check out the FTC’s Protecting Personal Information: A Guide for Business and Start with Security: A Guide for Business.
  • 3. 1 Secure Your Operations Move quickly to secure your systems and fix vulnerabilities that may have caused the breach. The only thing worse than a data breach is multiple data breaches. Take steps so it doesn’t happen again. Mobilize your breach response team right away to prevent additional data loss. The exact steps to take depend on the nature of the breach and the structure of your business. Assemble a team of experts to conduct a comprehensive breach response. Depending on the size and nature of your company, they may include forensics, legal, information security, information technology, operations, human resources, communications, investor relations, and management. • Identify a data forensics team. Consider hiring independent forensic investigators to help you determine the source and scope of the breach. They will capture forensic images of affected systems, collect and analyze evidence, and outline remediation steps. • Consult with legal counsel. Talk to your legal counsel. Then, you may consider hiring outside legal counsel with privacy and data security expertise. They can advise you on federal and state laws that may be implicated by a breach. Secure physical areas potentially related to the breach. Lock them and change access codes, if needed. Ask your forensics experts and law enforcement when it is reasonable to resume regular operations.
  • 4. 2 Stop additional data loss. Take all affected equipment offline immediately— but don’t turn any machines off until the forensic experts arrive. Closely monitor all entry and exit points, especially those involved in the breach. If possible, put clean machines online in place of affected ones. In addition, update credentials and passwords of authorized users. If a hacker stole credentials, your system will remain vulnerable until you change those credentials, even if you’ve removed the hacker’s tools. Remove improperly posted information from the web. • Your website: If the data breach involved personal information improperly posted on your website, immediately remove it. Be aware that internet search engines store, or “cache,” information for a period of time. You can contact the search engines to ensure that they don’t archive personal information posted in error. • Other websites: Search for your company’s exposed data to make sure that no other websites have saved a copy. If you find any, contact those sites and ask them to remove it. Interview people who discovered the breach. Also, talk with anyone else who may know about it. If you have a customer service center, make sure the staff knows where to forward information that may aid your investigation of the breach. Document your investigation. Do not destroy evidence. Don’t destroy any forensic evidence in the course of your investigation and remediation.
  • 5. 3 Fix Vulnerabilities Think about service providers. If service providers were involved, examine what personal information they can access and decide if you need to change their access privileges. Also, ensure your service providers are taking the necessary steps to make sure another breach does not occur. If your service providers say they have remedied vulnerabilities, verify that they really fixed things. Check your network segmentation. When you set up your network, you likely segmented it so that a breach on one server or in one site could not lead to a breach on another server or site. Work with your forensics experts to analyze whether your segmentation plan was effective in containing the breach. If you need to make any changes, do so now. Work with your forensics experts. Find out if measures such as encryption were enabled when the breach happened. Analyze backup or preserved data. Review logs to determine who had access to the data at the time of the breach. Also, analyze who currently has access, determine whether that access is needed, and restrict access if it is not. Verify the types of information compromised, the number of people affected, and whether you have contact information for those people. When you get the forensic reports, take the recommended remedial measures as soon as possible. Have a communications plan. Create a comprehensive plan that reaches all affected audiences — employees, customers, investors, business partners, and other stakeholders. Don’t make misleading statements about the breach. And don’t withhold key details that might help consumers protect themselves and their information. Also, don’t publicly share information that might put consumers at further risk.
  • 6. 4 Anticipate questions that people will ask. Then, put top tier questions and clear, plain-language answers on your website where they are easy to find. Good communication up front can limit customers’ concerns and frustration, saving your company time and money later. Notify Appropriate Parties When your business experiences a data breach, notify law enforcement, other affected businesses, and affected individuals. Determine your legal requirements. Most states, the District of Columbia, Puerto Rico, and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. In addition, depending on the types of information involved in the breach, there may be other laws or regulations that apply to your situation. Check state and federal laws or regulations for any specific requirements for your business. Notify Law Enforcement Call your local police department immediately. Report your situation and the potential risk for identity theft. The sooner law enforcement learns about the theft, the more effective they can be. If your local police aren’t familiar with investigating information compromises, contact the local office of the FBI or the U.S. Secret Service. For incidents involving mail theft, contact the U.S. Postal Inspection Service.
  • 7. 5 Did the breach involve electronic health information? Then check if you’re covered by the Health Breach Notification Rule. If so, you must notify the FTC and in some cases, the media. Complying with the FTC’s Health Breach Notification Rule explains who you must notify, and when. Also, check if you’re covered by the HIPAA Breach Notification Rule. If so, you must notify the Secretary of the U.S. Department of Health and Human Services (HHS) and in some cases, the media. HHS’s Breach Notification Rule explains who you must notify, and when. Notify Affected Businesses If account access information—say, credit card or bank account numbers—has been stolen from you, but you don’t maintain the accounts, notify the institution that does so it can monitor the accounts for fraudulent activity. Health Breach Resources HIPAA Breach Notification Rule: hhs.gov/hipaa/for-professionals/breach-notification HHS HIPAA Breach Notification Form: hhs.gov/hipaa/for-professionals/breach-notification/ breach-reporting Complying with the FTC’s Health Breach Notification Rule: ftc.gov/healthbreachnotificationrule
  • 8. 6 If you collect or store personal information on behalf of other businesses, notify them of the data breach. If names and Social Security numbers have been stolen, contact the major credit bureaus for additional information or advice. If the compromise may involve a large group of people, advise the credit bureaus if you are recommending that people request fraud alerts and credit freezes for their files. Equifax: equifax.com or 1-800-525-6285 Experian: experian.com or 1-888-397-3742 TransUnion: transunion.com or 1-800-680-7289 Notify Individuals If you quickly notify people that their personal information has been compromised, they can take steps to reduce the chance that their information will be misused. In deciding who to notify, and how, consider: • state laws • the nature of the compromise • the type of information taken • the likelihood of misuse • the potential damage if the information is misused For example, thieves who have stolen names and Social Security numbers can use that information not only to sign up for new accounts in the victim’s name but also to commit tax identity theft. People who are notified early can take steps to limit the damage.
  • 9. 7 When notifying individuals, the FTC recommends you: • consult with your law enforcement contact about the timing of the notification so it doesn’t impede the investigation. • designate a point person within your organization for releasing information. Give the contact person the latest information about the breach, your response, and how individuals should respond. Consider using letters (see sample on page 10), websites, and toll-free numbers to communicate with people whose information may have been compromised. If you don’t have contact information for all of the affected individuals, you can build an extensive public relations campaign into your communications plan, including press releases or other news media notification. • consider offering at least a year of free credit monitoring or other support such as identity theft protection or identity restoration services, particularly if financial information or Social Security numbers were exposed. When such information is exposed, thieves may use it to open new accounts. Most states have breach notification laws that tell you what information you must, or must not, provide in your breach notice. In general, unless your state law says otherwise, you’ll want to: • clearly describe what you know about the compromise. Include: »» how it happened »» what information was taken »» how the thieves have used the information (if you know)
  • 10. 8 »» what actions you have taken to remedy the situation »» what actions you are taking to protect individuals, such as offering free credit monitoring services »» how to reach the relevant contacts in your organization Consult with your law enforcement contact about what information to include so your notice doesn’t hamper the investigation. • Tell people what steps they can take, given the type of information exposed, and provide relevant contact information. For example, people whose Social Security numbers have been stolen should contact the credit bureaus to ask that fraud alerts or credit freezes be placed on their credit reports and contact the IRS Identity Protection Specialized Unit at 1-800-908-4490. See IdentityTheft.gov/databreach for information on appropriate follow-up steps after a compromise, depending on the type of personal information that was exposed. Consider adding this information as an attachment to your breach notification letter, as we’ve done in the model letter on page 10. • Include current information about how to recover from identity theft. For a list of recovery steps, refer consumers to IdentityTheft.gov. • Consider providing information about the law enforcement agency working on the case, if the law enforcement agency agrees that would help. Identity theft victims often can provide important information to law enforcement.
  • 11. 9 • Encourage people who discover that their information has been misused to file a complaint with the FTC, using IdentityTheft.gov. This information is entered into the Consumer Sentinel Network, a secure, online database available to civil and criminal law enforcement agencies. • Describe how you’ll contact consumers in the future. For example, if you’ll only contact consumers by mail, then say so. If you won’t ever call them about the breach, then let them know. This information may help victims avoid phishing scams tied to the breach, while also helping to protect your company’s reputation. Some organizations tell consumers that updates will be posted on their website. This gives consumers a place they can go at any time to see the latest information. Model Letter The following letter is a model for notifying people whose names and Social Security numbers have been stolen. When Social Security numbers have been stolen, it’s important to advise people to place a free fraud alert on their credit reports. A fraud alert may hinder identity thieves from getting credit with stolen information because it’s a signal to creditors to contact the consumer before opening new accounts or changing existing accounts. Also, advise consumers to consider placing a credit freeze on their file. The cost to place and lift a freeze depends on state law.
  • 12. 10 [Name of Company/Logo] Date: [Insert Date] NOTICE OF DATA BREACH Dear [Insert Name]: We are contacting you about a data breach that has occurred at [insert Company Name]. What Happened? [Describe how the data breach happened, the date of the breach, and how the stolen information has been misused (if you know)]. What Information Was Involved? This incident involved your [describe the type of personal information that may have been exposed due to the breach]. What We Are Doing [Describe how you are responding to the data breach, including: what actions you’ve taken to remedy the situation; what steps you are taking to protect individuals whose information has been breached; and what services you are offering (like credit monitoring or identity theft restoration services).] What You Can Do We recommend that you place a fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or
  • 13. 11 change your existing accounts. Call any one of the three major credit bureaus. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for 90 days. You can renew it after 90 days. Equifax: equifax.com or 1-800-525-6285 Experian: experian.com or 1-888-397-3742 TransUnion: transunion.com or 1-800-680-7289 Request that all three credit reports be sent to you, free of charge, for your review. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Thieves may hold stolen information to use at different times. Checking your credit reports periodically can help you spot problems and address them quickly. If you find suspicious activity on your credit reports or have reason to believe your information is being misused, file a police report and call [insert contact information for law enforcement if authorized to do so]. Get a copy of the police report; you may need it to clear up the fraudulent debts. If your personal information has been misused, visit the FTC’s site at IdentityTheft.gov to get recovery steps and to file an identity theft complaint. Your complaint will be added to the FTC’s Consumer Sentinel Network, where it will be accessible to law enforcers for their investigations.
  • 14. 12 You also may want to consider contacting the major credit bureaus at the telephone numbers above to place a credit freeze on your credit file. A credit freeze means potential creditors cannot get your credit report. That makes it less likely that an identify thief can open new accounts in your name. The cost to place and lift a freeze depends on state law. Find your state Attorney General’s office at naag.org to learn more. We have enclosed a copy of Identity Theft: A Recovery Plan, a comprehensive guide from the FTC to help you guard against and deal with identity theft. We’ve also attached information from IdentityTheft.gov about steps you can take to help protect yourself from identity theft, depending on the type of information exposed. Other Important Information [Insert other important information here.] For More Information Call [telephone number] or go to [Internet website]. [State how additional information or updates will be shared/or where they will be posted.] [Insert Closing] [Your Name]
  • 15. What information was lost or exposed? Social Security number ☐☐ If a company responsible for exposing your information offers you free credit monitoring, take advantage of it. ☐☐ Get your free credit reports from annualcreditreport.com. Check for any accounts or charges you don’t recognize. ☐☐ Consider placing a credit freeze. A credit freeze makes it harder for someone to open a new account in your name. •• If you place a freeze, be ready to take a few extra steps the next time you apply for a new credit card or cell phone —or any service that requires a credit check. •• If you decide not to place a credit freeze, at least consider placing a fraud alert. ☐☐ Try to file your taxes early — before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS. ☐☐ Don’t believe anyone who calls and says you’ll be arrested unless you pay for taxes or debt — even if they have part or all of your Social Security number, or they say they’re from the IRS. ☐☐ Continue to check your credit reports at annualcreditreport.com. You can order a free report from each of the three credit reporting companies once a year. FEDERAL TRADE COMMISSION IdentityTheft.gov Consider attaching the relevant section from IdentityTheft.gov, based on the type of information exposed in the breach. This is for a data breach involving Social Security numbers. There is similar information about other types of personal information. Optional Attachment
  • 16. For More Guidance From the FTC This publication provides general guidance for an organization that has experienced a data breach. If you’d like more individualized guidance, you may contact the FTC at 1-877-ID-THEFT (877-438-4338). Please provide information regarding what has occurred, including the type of information taken, the number of people potentially affected, your contact information, and contact information for the law enforcement agent with whom you are working. The FTC can prepare its Consumer Response Center for calls from the people affected, help law enforcement with information from its national victim complaint database, and provide you with additional guidance as necessary. Because the FTC has a law enforcement role with respect to information privacy, you may seek guidance anonymously. For additional information and resources, please visit business.ftc.gov. Federal Trade Commission business.ftc.gov September 2016