State and local government data breaches and cybersecurity incidents are rising at a record rate. Since 2013, ransomware attacks have impacted at least 170 county, city, or state government systems, according to a National League of Cities report.
The financial fallout from a data breach or any cyber attack can be detrimental no matter what type of business or organization you’re running, but if you’re a local government, losing the public’s trust can come at a high cost, too. Just because the average citizen’s data is stolen every three months doesn’t mean that people like it. Taking steps proactively to prepare by having a data breach response plan is crucial.
In our previous blog, we talked about common incident response mistakes that organizations make during the planning phase, and how to avoid them. In this blog, we’ll talk more specifically about how to respond successfully to a data breach or other cybersecurity incident.
Guidance released by the Federal Trade Commission (FTC) outlines basic considerations and procedures to follow when responding to a data breach. Local governments could also benefit from this guide as a general place to start.
The FTC data breach response guide offers these valuable tips:
- Secure Your Operations: Assemble a team of experts, secure physical areas, stop additional data loss.
- Fix Vulnerabilities: Engage service providers, check your network segmentation and work with forensics experts to determine what data was compromised and who has access privileges.
- Notify Appropriate Parties: After determining your legal requirements, notify other businesses, government agencies, law enforcement and affected individuals.
Building a Successful Data Breach Response Plan
Being breached should be considered a “when,” not “if,” proposition. A data breach could cause loss of access to critical files and significant operational interruptions. If you’re a local government and your 9-1-1 call service is interrupted, it could be a life-or-death scenario for some of your citizens.
If there is no plan in place for responding to incidents, you can lose precious time getting back up and running.
While the FTC guidance can get you started with fundamentals, it’s not a one-size-fits-all solution. Your team should spend time proactively building a data breach incident response plan that aligns with your organizational operations.
Here are some important steps you can take to proactively handle a breach:
- Put together an incident response team. Your incident response team could include senior management, network administrators, network engineers, legal, security, public affairs and human resources. There should be a point of contact for each step of the plan.
- Password management policy. This is one of the most important steps. Having requirements like unique hard-to-guess passwords for each account, computer, mobile device or wireless network, with character requirements and a no-sharing-passwords policy is crucial. Also, any personal devices used by employees to access your network should be password protected.
- Encryption. Lost or stolen devices such as laptops, mobile phones and USB drives with unencrypted data are a common factor in data breaches. Passwords help protect the device, but they’re only the first step. Encryption can help protect confidential data that could be intercepted by a third party.
- Cybersecurity education and training. Employees can be your best or worst asset when it comes to preventing a data breach. Regular training sessions can help ensure your employees are able to recognize threats, such as phishing emails.
- Cyber insurance. Insurance should be used along with a cybersecurity program, not in place of it. However, it can help cover associated costs. Find out exactly what it covers ahead of time. Also, your insurance contract, contact and policy information should be clearly featured in a data breach response plan along with other relevant contacts. That information should be updated consistently in the response plan.
- Conduct data breach simulations and exercises. Once a plan is in place, it needs to be tested. The plan should be tested regularly, and the tests should include the team leaders named in the plan as well as department heads or executives. Team leaders need to know how to respond to each likely breach situation, and cyber exercises are a great way to play out different scenarios. If something doesn’t work, revise it. When a real breach happens, team leaders should understand their roles. Parts of the plan can be tested on their own, but the full plan should be tested at least annually and updated continuously.
In the unfortunate event that you must activate your plan, it’s tempting in the aftermath to solely focus on rebuilding everything that was lost. But you must also document lessons learned and re-evaluate your plan. What worked? What didn’t? What would you do differently? Why? You need to get all stakeholders together and determine answers to these questions. Put your changes in place, document your revised plan and test it again.
Motorola Solutions can help you determine the effectiveness of your current data breach strategy through our risk assessments, technical training, cyber exercises and pentesting. Learn more about our professional and managed security services.