How a CIO Should Deal With the Aftermath of a Data Breach
- 12 December, 2008 10:34
The 5.30am electronic rumble of a BlackBerry set to vibrate. The sound no CIO wants to hear at that hour as it can only mean bad news.
The chief security officer apologises for waking you but she is clearly agitated. She has just been woken herself by the security consultants you called in to carry out a data audit. The team pulled a late shift last night and discovered some anomalies in the main customer database. The CSO is doing a poor job of covering her panic as she stumbles out with: "It might be nothing". But you both know that you wouldn't be having this conversation now if that's what she really felt.
Despite the security breach at HM Revenue and Customs (HMRC) in November last year, it seems that many companies are still failing to heed the lessons learned from the incident. The Information Commissioner's Office (ICO) has been notified of almost 100 data breaches by public, private and third sector organisations since HMRC. "Data is the lifeblood of many organisations but it is not often looked after very well," says CIO Peter Birley of law firm Browne Jacobsen on his personal CIO Blog. Recent high-profile breaches include the loss of the personal details of around 5000 prison officers in September this year and allegations of a significant data loss at US hotel chain Best Western.
While the organisation itself claims it only affected a handful of customers, what ever the real number, Best Western has suffered damage to its brand as a result. And this is damage that other firms could well face if they don't take the necessary preventative steps to secure data and react in the right way if the event of a breach.
Firstly, don't panic. "People immediately start to think the world is about to end -- all kinds of scenarios are played out in people's minds. These thoughts are crippling and will get worse the longer they fester, so ditch them and get on with the job. The reality is a professional and energetic approach will do more to protect you than hiding in a corner," says Peter Chada, director of the Technology Advisory Service for financial services specialist BDO Stoy Hayward.
The golden first hour
In the first hour after a security breach it is vital to make an assessment of the damage the data could cause, experts say. For example, that means thinking about who would be interested in that data and what effect it might have on not just the individuals concerned but also other effects. For example, in the recent incident at the Prison Service, the safety of prison officers' families who may have been targeted if the data fell into the hands of criminals.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Five trends affecting legal CIOs
CIO Roundtable: The changing face of security
Bitcoin malware count soars as cryptocurrency value climbs
Bouncing Back From CIO Unemployment
Union slams latest fibre-to-premise trial in Tasmania
Assessing IP Telephony Total Cost of Ownership
Understanding total cost of ownership (TCO) of IP telephony (IPT) and unified communications (UC) implementations is critical to sound decision making. Based on data gathered from 211 Enterprises, this whitepaper reveals TCO for each vendor across a range of implementation sizes.
Pathways Leadership Development Program Overview 2014
CMO's Customer Engagement in a Multi-Channel Marketing World
In CMO’s inaugural customer engagement report, we look at how Australian marketers and customer relationship managers are responding to the needs for cross-channel engagement, where the barriers still lie and the importance being placed on these activities by their wider organisation.