Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Five Ways To Survive a Data Breach Investigation

When the digital forensics crew comes in to investigate a possible data breach, company execs often make matters worse by not being prepared. Here are five ways to keep it from happening to you
Page:

Security experts say it all the time: If a company thinks it has suffered a data security breach, the key to getting at the truth unscathed is to have a response plan in place for what needs to be done and who needs to be in charge of certain tasks. And, as SANS Institute instructor Lenny Zeltser advised in CSOonline's recent How to Respond to an Unexpected IT Security Incident article, "ask lots and lots of questions" before making rash decisions.

Unfortunately, many companies still fail to heed that advice and end up in a lot more trouble than was necessary.

Robert Fitzgerald, a Boston-based digital forensics investigator and president of The Lorenzi Group LLC, finds that at many of the companies he investigates, the words of Franklin D. Roosevelt ring true: The only thing [companies] have to fear is fear itself.

"People get nervous when we come in and it's a shame, because our job isn't to tear through and tell you how bad you are," Fitzgerald said. "We're not law enforcement."

But people get nervous anyway. So they do stupid things on purpose or by accident that lands the company in a heap of trouble. People who fear lawsuits or have something to hide tamper with evidence [Fitzgerald calls it "spoliation"] in ways that may seem clever -- overwriting files, reinstalling the operating system, loading a bunch of other data on discs and drives and them deleting them -- but are easily uncovered during an investigation.

To help companies avoid such madness, Fitzgerald recently sat down with CSOonline to outline five steps that can be taken to ensure a smooth investigation that ends with the company's reputation intact.

1. Have a response that's built for speed

When a company brings in Fitzgerald's crew, the goal is to move with all deliberate speed so the truth can be uncovered and corrective measures can be made. Nothing gets in the way of that like a company that has nothing ready when the investigators arrive. To that end, it's important straightaway to have such items on hand as the employee manual, rules for who can do what on work machines, office and personal e-mails and computer software and hardware.

"Data is fluid, it moves quickly, so we move quickly," he said. "If you call us this morning, we want to be there this morning. The longer you wait, the more likely evidence will get spoiled. When we make suggestions, in the presence of legal counsel, we'll make suggestions we think is best for you."

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: DAS, Gigabyte, SANS Institute, Speed
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: data breach, investigation, security
Latest Blog Posts
Whitepapers
  • 10 Essential Steps to Email Security
    Modern business is reliant on email. All organisations using email need to answer the following questions: How do we control spam volumes without the risk of trapping a business email? How do we prevent infections from email-borne viruses? How do we stop leakage of confidential information? Can we detect and stop exploitation from phishing attacks? How do we control brand damage from occurring due to employee misuse? How do we prevent inappropriate content from being circulated?
    Learn more »
  • Oracle Exadata - Extreme performance, lowest cost.
    As organizations contend with escalating demands for greater quantities of information, more sophisticated data analysis, and a burgeoning user population, Oracle Exadata makes database workloads faster, easier to manage, and less expensive. Oracle Exadata is the world’s first database machine to provide extreme performance for both data warehousing and online transaction processing (OLTP) applications. Read this whitepaper.
    Learn more »
  • The State of Data Security
    Recognize how your data can become vulnerable, including the latest issues stemming from unprotected data on mobile devices and social media sites. Understand the compliance issues involved, and identify data protection strategies you can use to keep your company’s information both safe and compliant.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments