Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Do You Have a Set Procedure for Reporting a Data Breach?

In today’s technology world, businesses face the reality that a cyberattack can occur any time. When these attacks do take place, they often result in a data breach. Having the right procedures in place is vital for overcoming this disastrous event.

These procedures help with forming a response plan and data breach reporting. Learn more about data breach notification laws, why reporting them is essential and five steps for setting the necessary procedures in place.

What Is a Data Breach?

A data breach is an incident in a company’s security that leads to unauthorized parties accessing personal and confidential information. This information includes access to social security numbers, customer records, financial information, bank account details, health care data and more.

In other words, a data breach is a security incident where parties obtain access to sensitive information without permission. Unfortunately, the repercussions of a data breach for a company can be significant.

What Are Data Breach Notification Laws?

Data breach notification laws are laws that apply to organizations or individuals who have suffered a security incident and need to notify their customers or other parties of the event. These laws can differ depending on the country the business is located in or if the company has customers in Europe.

How long do you have to report a data breach? This time period depends on your business’s location and how many customers were affected. Generally, businesses in the United States must alert individuals of the data breach within 60 days after the discovery of the incident. Other steps are required for data breaches impacting 500 people or more.

To comply with the General Data Protection Regulation (GDPR), you must notify of the incident — if it poses a risk to customer information — within 72 hours, or you might suffer fines and other legal action. If the affected individuals are at high risk from the data breach, the organization is required to notify them, as well.

However, the organization does not need to notify the affected customers if they have successfully contained the security incident and the data breach is unlikely to pose any risk to individuals. During the 72-hour period, the organization is required to investigate the security incident and provide details about the data breach.

As mentioned, the consequences of a data breach can be substantial and can result in a company filing for bankruptcy. According to a study, 93% of businesses that suffer a data loss for 10 days file for bankruptcy in a year, and 50% file immediately.

Why Having Set Procedures for Data Breach Reporting Is Important

Having the correct and necessary procedures in place helps the organization to act appropriately and take the required actions if they notice a data breach. These procedures are vital for reporting the security incident to the appropriate parties, both internally and externally.

The company will notify the affected individuals if the data breach poses a high risk to them. If the affected customers are informed, they can take the required steps to protect themselves from this security incident.

In addition, the local authorities need to be aware of the breach. If the authorities are unfamiliar with handling these situations, the recommended practice is to call your local FBI office or submit a tip to the FBI online. For data breaches relating to mail theft, contact the U.S. Postal Inspection Service. If the incident involved health care records and the Health Breach Notification Rule applies to you, the Federal Trade Commission (FTC) will also need to know what is happening.

With the appropriate parties notified, everyone can take action accordingly to help contain the breach.

4 Steps for Handling and Reporting a Data Breach

Taking the necessary steps to get ahead of the situation is vital. Here are the required procedures for data breach reporting and handling the situation.

1.    Secure Your Business

The first step you should take is to contain the breach and secure your business’s operations. Work as quickly as possible to fix system vulnerabilities, secure physical spaces such as entryways with door codes, and try to stop any additional data loss from occurring.

2.    Examine the Situation

The next step is to examine the impact of the data breach. It is essential to determine if personal or confidential data was captured. If this is the case, calculate how many people's information was obtained.

Working with a team of experts to lead the data breach investigation can be a wise use of resources. Consider hiring legal counsel, information security experts and other professionals who can provide insight and help the process go more smoothly.

3.    Notify the Appropriate Parties

Once you’ve addressed vulnerabilities in your system and gotten them in check, you should create a plan to help you inform the affected parties. Both when and how you need to communicate about the breach will depend on factors like location and the number of individuals affected, so be sure you understand which regulations apply to your business.

4.    Stop Further Breaches and Monitor the Situation

The only thing worse than a data breach is multiple breaches. Ensure that you have taken the necessary measures so that further security incidents are not a possibility.

Examine all the preventative steps and look at ways the security teams can improve them to ensure that another breach does not happen. Continue to monitor the situation and adjust where needed.

Stopping Data Breaches Before They Happen

While data breaches can happen to any company, it is essential that you put preventative measures in place. Alongside this, a company should follow cybersecurity best practices to reduce the likelihood of these incidents occurring.

If this event does happen, ensure the appropriate parties are contacted and try to contain the situation as soon as possible. With the proper procedures, you could reduce the damage sustained from the attack.

Zac Amos
Zac Amos
Zac Amos is the features editor at ReHack, where he covers trending tech news in cybersecurity and artificial intelligence. For more of his work, follow him on Twitter or LinkedIn.

Related Posts

What Does the Future of Zero Trust in OT Look Like?

Zero trust principles have established themselves in the mindshare of cybersecurity practitioners worldwi...
Jacob Chapman Dec 20, 2024 7:00:00 AM

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and ISA/IEC 62443 Comparative Analysis

The Utilities Technology Council and Cumulys recently prepared a report in partnership with the ISA Globa...
Kara Phelps Dec 13, 2024 7:00:00 AM

Securing PLCs Through the Backplane: Balancing Performance and Simplicity

With the increasing convergence of operational technology (OT) and information technology (IT), the need ...
Ashraf Sainudeen Dec 6, 2024 7:00:00 AM