Skip to main content

Act fast but thorough: How to respond to a security crisis

Ideally, security breaches are prevented rather than responded to, but no company’s defences are completely impenetrable.

Therefore, it is up to businesses to ensure that they have a strategy for responding to security crises that prevents repeat attacks.

First of all, companies should identify which of their systems and data sets have been compromised. Businesses will need to be aware of any potential regulatory or legal ramifications stemming from the breach and should notify any affected individuals, such as customers, as soon as possible to limit further damage.

Businesses should then locate the source of the vulnerability that allowed the breach to occur. It could be human error, a coding flaw or a targeted theft, and each will require a different response to bolster future defences.

With these initial responses complete, businesses should conduct a thorough review of the security crisis immediately. Businesses may want to consult with legal advisors before carrying out a full assessment of company policies and procedures to see if any have been broken or if they must be amended going forward.

One of the best ways for businesses to ensure that they react quickly and rapidly to a security flaw is to have a business continuity plan (BCP) in place. This sets out the best practice for responding to a disruptive situation whether it is a natural disaster or a cyberattack. In particular, a BCP outlines which processes are critical for a business to continue operating. By identifying these, it may be possible for companies to mitigate the amount of lost revenue as a result of a security breach.

Although prevention will always be preferable, businesses should ensure that all members of staff understand the importance of acting swiftly when faced by a security crisis.

Register for IP Expo Europe now for FREE and save £35 (opens in new tab)

Barclay Ballard
Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with IT Pro Portal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.