In the ever-increasing list of “worst-ever government data breaches”, we’re lucky we can learn from the mistakes of others. But this shouldn’t make us complacent.
Across the globe, governments and businesses are scrambling to mitigate the damage that could be caused by potential data breaches, and legislation being introduced by federal governments is beginning to focus on cybersecurity and on reporting requirements in the case of a serious breach. The majority of the world's reported data breaches occur in the US, and, similar to the Australian Bill recently introduced, US regulations require data breaches that involve customer data to be reported.
In the UK, companies that suffer significant breaches can be fined, so there is a strong incentive for businesses to protect their data: some organisations have been penalised more than AU$350,000 for severe security incidents.
In December last year, the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015 was introduced in Australia. If passed, it would require private organisations and Federal government agencies to notify the Federal Privacy Commissioner and affected individuals in the case of a serious data breach.
So now we know what the penalties are if you fail to deal with a data breach properly, but what happens if your agency actually experiences one? What are the first steps? This post outlines some simple standards for identifying data breaches and acting quickly on them to reduce their financial burden.
Acting quickly on data breaches to reduce financial impact
There is no doubt cybersecurity is a looming concern for both business and the public sector, with the average cost of a significant breach reaching just over $2 million in Australia and $3.8 million in the US.
The Federal Government is introducing new initiatives to help allay these very legitimate concerns, with $30 million of funding being put into the Cyber Security Growth Centre.
There is still much work to be done in this area though, so it’s important to get a few basics down while waiting for the Federal Government’s recommendations.
Responding quickly to a breach once it is detected is crucial, and it is only possible if you have already taken reasonable steps to prepare and implement a data breach policy and response plan. A plan written during the incident is too late.
You may have read our previous post on 'adopting a risk-based approach to cybersecurity'; the approach is described there in more detail, but it's important to note that not all data breaches originate from external attackers. Internal errors or failure to follow proper procedures may also result in a data leak.
It is therefore important to assess all the risks associated with a breach and create a cybersecurity policy that can handle a variety of situations, not just intrusions. For example, in 2007 HM Revenue & Customs in the UK lost two CDs containing data on child benefit claimants, an incident described as the largest data breach to occur in the UK, and one caused by a failure of internal process rather than by an attacker. You need to consider all the data you hold and the potential damage that could be caused by its release, whatever the cause.
Standard operating procedures for the first 24 hours
According to the Ponemon Institute's 2015 study on the Global Cost of Data Breach, notification costs remain low; the main drivers of the rising cost of data breaches are lost business and failure to manage business continuity.
iTWire recently wrote an article on data breaches and how the first 24 hours are critical. The full article is linked here, but below we've outlined the main points.
Diagnose the situation: understanding the scope of the breach is paramount. How many systems or mobile devices are involved? Is the cause internal or external? Is the data still exposed? Identifying what was affected and how is the first step to being able to respond, whether by hand or through automated controls such as remotely wiping a lost device, and it is also what determines whether the incident is serious enough to trigger notification.
Allocate roles: clear roles need to be set in advance for the case of a breach, and clear communication about the breach must go out to relevant stakeholders and parties involved. You may have a tech team to deal with the on-site situation, but it is also worth having someone who can explain the scope of the problem clearly to those without a technical background, including the people who will make the notification decision.
Document: this is an important step in preventing the next breach. Recording what happened, when it was detected, what was done and why the breach occurred helps stop the same mistake from being repeated, and the same record is what you will need when reporting the incident to the regulator and to affected individuals.
Return to business as usual: getting back up and running is essential whether your data was breached internally or externally. Failing to return to business as usual is not only costly, it also demonstrates that you don't have the right procedures in place to deal with these incidents. No agency can be made foolproof when it comes to cybersecurity, but learning from experience and adapting after a breach is essential to mitigating the harm these incidents cause.
If you want to learn more about mitigating cybersecurity risks, register your pass for the Cyber Security conference powered by CeBIT Australia today.