The Trust Catalyst Data Breach Prep Kit

Trust Catalyst Data Breach Prep Kit    +1.415.887.9330    www.trustcatalyst.com    Page 1 of 21

Preparing your organization's response before navigating a data breach

Copyright (c) 2009 Trust Catalyst. All Rights Reserved.

Executive Summary

The number of records exposed in data breach incidents over the last decade has reached epic proportions, putting customers in a vulnerable, anxious position. According to the Data Loss Database created by the Open Security Foundation, over half a billion records have been exposed in over 1,990 incidents since 2000, and this number is quickly growing as unreported cases are added daily. And, while accidental disclosures have put companies in the headlines, a new enemy in the war on data breach is emerging: cybercriminals willing and able to profit from identity fraud. The U.S. Department of Justice recently testified to Congress that identity theft convictions have increased 138% over the last four years. The Federal Trade Commission estimated that over nine million Americans are victims of identity theft each year, costing U.S. business $50 billion in damages annually.

Increasingly, identity theft crimes are targeted and organized by criminals who have a cyber connection. Perhaps no piece of research has put the profits of cybercriminals more on the map than the recent Verizon Data Breach Investigation Report, which documented the findings of 258 compromised records stolen from over 600 corporate networks investigated by Verizon. Unlike the Open Security Foundation's database, this report focused only on the subset of compromised records that were investigated in connection with identity fraud crimes. Ninety-eight percent of these cases involved an outside intruder hacking into the corporate network through a vulnerability, installing malware and collecting data. Ninety-nine percent of the time, the target of the breach was a server (as opposed to data loss incidents, which often involve the loss of sensitive information via unencrypted backup tapes, laptops or "dumpster diving"). In over 90 percent of the cases reported by Verizon, the attacker was connected to a global cybercriminal ring already known to law enforcement. Probably the most disturbing finding was that the majority of compromised organizations were unaware of the breach. Most often, these organizations were notified by either their customers, law enforcement, a credit card company or a business partner that verified an identity fraud crime had been committed before it was discovered by the victim organization.

In this environment, if you store customer sensitive data, you need to be thinking about how your organization will be prepared to handle a data breach. Most organizations collecting personal data about their customers will not be immune. In fact, we believe organizations should prepare themselves now for breaches that may happen in the future. Depending on the severity and size of the breach, you will face a different set of management challenges. When outside pressure from customers, media and regulators mounts, you will not want this to be the first time your data breach management skills are tested. In addition, as more of our customers are actually victims in identity fraud crimes, we must step up our response so as not to totally destroy customer trust. We believe the way successful organizations handle breach events will raise the stakes of the typical response we are seeing today. Organizations interested in maintaining a relationship with their customers post-breach will be more open and transparent and will exchange more critical information with customers and law enforcement agencies.

The Data Breach Prep Kit was designed to help you start thinking about how you want to handle breaches. It can help you prepare an incident response plan in advance of a breach, help you think through how to educate key stakeholders in your company and even estimate potential costs of breaches so you can build the right plan to protect your customers today. Unfortunately, this prep kit alone cannot accurately predict how a data breach crisis will impact your specific organization, but it can help you get prepared, gather the facts and make the important trade-offs required to develop long-term strategies to protect the value of your company. If you find you need more help planning your response and weighing the costs, contact us and we will be happy to develop a customized plan for your organization.

The Data Breach Prep Kit includes a number of helpful resources and is a great first step for:
- Defining the three types of data breaches
- Creating a data breach incident response plan
- Managing the crisis: how to define strategy for each threat level
- Data breach estimated costs worksheet
- Data breach incident response report worksheets
- Data breach checklist
- References and helpful resources for future reading

We hope this reference helps you uncover some of the questions your business needs to address now and helps you calculate the risks and costs to sell strategies that will help you protect your customers.

Best regards,

Kimberly Getgen
Founder and Principal, Trust Catalyst
email: kim@trustcatalyst.com
direct: +1.415.887.9330
www.trustcatalyst.com

Data Breaches Defined

There are three different types of data breach incidents, as shown in the illustration and table below. Each type of breach can elicit a different type of response from the organization, which is critical in the education of your organization, the creation of your response plan and determining your costs.

Data Breaches Defined: A Short Summary

Data Loss

  Definition: Accidental loss or disclosure of unencrypted customer PII or other sensitive information, particularly that used in identity theft/fraud crimes.

  Common examples: Lost laptop; lost tape or media; email accidents.

  How can I reduce the risk? Use encryption and Data Leakage Prevention (DLP):
    1. Encrypt PII that leaves the organization, especially on laptops, backup tapes and in email.
    2. Discover where sensitive data is located within the organization.
    3. Monitor PII in motion over the network for data leaks of PII going to partners or third parties.
    4. Monitor PII leaving the organization or mistakes in web applications.

  Impacts:
    - It is estimated that there are over half a billion records currently exposed and over 1,990 reported data loss incidents since 2000.
    - Costs organizations millions in the data breach notification process.
    - The average cost per record in the US is $202.
    - Lost trust from customers can cause lost business; depending on how the organization responds to its customers, lost business can account for 69% of the costs of a breach.

Data Theft

  Definition: Theft of PII or sensitive data used in identity theft/fraud crimes. Often the result of a computer intrusion (hacker) or a malicious insider (employee or business partner) with permissions to the data who steals it and uses it in a crime.

  Common examples: Computer/network intrusion (exploiting a mistake to gain access to the network, installing malware and collecting data); SQL injections; malware in your customer's computer; business partners (supply chain, vendors); malicious insider threat.

  How can I reduce the risk? Regular security assessments and vulnerability scans conducted by an outside forensics or security professional services firm. Due to PCI requirements, your organization may be required to have these conducted by a qualified QSA a certain number of times a year. Even if you are not regulated by PCI, you can dramatically decrease your risks by conducting these types of audits regularly.

  Impacts:
    - One forensic firm has estimated its caseload to account for over 258 million compromised accounts across over 600 individual cases.
    - Costs organizations millions in the data breach notification process.
    - The average cost per record in the US is $202 in 2008.
    - Lost business: depending on how the organization responds, lost business can account for 69% of the costs of a breach.
    - Regulatory fines.
    - Costs to make customers "whole".
    - Lawsuits from damaged customers.

Identity Theft / Fraud

  Definition: Lost or stolen data is actually used for identity theft or fraud. Now the customer/consumer is damaged and a victim.

  Common examples: New account creation; account takeover; ATM or PIN compromise; fraudulent charges (i.e. card-not-present fraud); opening new loans and applications.

  How can I reduce the risk? If you accept payment for services online or offer online banking/payment products, you will be in a position to accept or reject transactions you think are fraudulent with: risk profiling/risk scoring algorithms; back-end automated and manual fraud detection processes; cross-industry information sharing databases.

  Impacts:
    - It is estimated that there are 9M US ID theft victims a year.
    - US ID theft convictions have risen 138% in the last four years.
    - ID theft cost US business $50 million in 2008.
    - The average cost to a consumer who is a victim of ID theft is $5,720.
    - Online fraud costs eCommerce merchants an estimated $10 billion annually.

Creating a Data Breach Incident Response Plan

If your organization experiences a data breach, there are a lot of moving parts and people that must be managed effectively to reduce damages from diminished customer trust. You will need to get the right information out to the right people very quickly. Business leaders in your organization who may never have worked together in a crisis may form your incident response team and, as it often turns out, different stakeholders have conflicting agendas. This is hard enough to manage under normal conditions but is amplified when managing a crisis like a data breach.

Depending on the severity of the breach and the number of victims impacted, you may also have to bring in outsiders to manage different aspects of the crisis, including investigators and even law enforcement. And, as outside pressures from customers, media and auditors or regulators mount, your management skills will be tested. Put simply, the aftermath of a data breach is not the first time you will want to be tested. Putting together your response plan in advance can be an invaluable learning experience. Inevitably, you will uncover questions in the planning that your organization may not have considered. Now is the time to uncover the unknowns, get answers from key stakeholders and build awareness and recommendations for how different types of breaches should be handled, as well as estimate their cost to your business.

Getting everyone on the same page

Not all data breaches are the same. There are different levels, responses and costs based on the type of breach you encounter, the number of customers impacted and the type of fraud (if any) found. And, if you are in the fortunate position to act quickly, you can begin preventing a data loss situation from turning into a data theft/identity fraud crisis where costs and stakes are dramatically increased.

The worksheet below simplifies the types of breaches to four different scenarios that require different response plans. This worksheet will help you work through the type of response you will want to produce based on the stage of data breach encountered. It should help you start to identify the key resources you will need to successfully manage the breach. While this is not a complete response plan, where possible we have provided either recommendations or questions for you to consider to begin the process of building your own. We recommend using this worksheet as a starting point to create a chart in your organization that you can use as an educational tool to prepare different stakeholders for the action that will be required and the questions that will come up in the process of managing a data breach. Train your organization on the difference between the different levels of breaches and how issues will be escalated and treated differently depending on the stage of the breach. Some organizations may even want to organize mock breach incidents, like a fire drill, to test their team in advance. Also, because each organization is regulated differently, you may want to add what compliance requirements you will specifically encounter at each stage.

Data Breach Incident Response Plan Worksheet

Stage 0: Data Loss

Scenario: A laptop, PDA, backup tape or storage media with sensitive data was lost. This data was encrypted and there is an audit log that proves the data is protected.

Response/Action Required: No notification process required because sensitive data has been adequately protected.

Recommended actions:
- Have an internal team investigate what was lost and produce a report that documents the response, proving the data was protected. Include the number of records/customers you protected in this incident and estimate the cost that having these protections in place saved the organization.
- Report on these types of breaches to the business as appropriate to build a case for the return on investment that the technologies you've put in place to protect the organization are producing.

Questions for the business:
- Who are the internal team and key stakeholders?
- Is there ever a case where encrypted lost data would need to be reported publicly? If so, document these examples and include them in the appropriate stage in this response plan.
- If you are not encrypting high-risk data, what is preventing this from happening? Perhaps going through a cost-based risk assessment of the costs of preventing a notification event is required to get investment for these types of solutions in your organization (for example, see the cost worksheet provided in this document).

Stage 1: Data Loss

Scenario: A laptop, PDA, backup tape or storage media with sensitive data was lost. The data lost was not encrypted.

Response/Action Required: Notification process required. Customers are at risk for identity theft.

Recommended actions:
- The security team produces a report with critical information, for example: customers affected, number affected, where they reside, date the information was lost, type of information that was lost (e.g. SSN, CCN, ...).
- In your opinion, what risk exists for these customers to become victims of identity theft/fraud? What steps would you take to prevent customers from being financially damaged if they become victims of identity theft (e.g. can you work with law enforcement? Should you offer credit monitoring services or identity theft insurance? Who should receive these services?)
- Create an assessment of the situation and offer the organization a recommended course of action depending on the type of information disclosed and the potential risk. How much would this cost? Are the costs justified by the amount of business you will save from negative customer reaction and diminished trust?
- Implement the recommended course of action.

Questions for the business:
- What would be the impact of losing revenue from 30% of your customers following the breach notification?
- Who are the security team and key stakeholders? Will you require outside security, PR or legal services?

Stage 2: Data Theft

Scenario: Data theft occurred; you know the origin and how the theft was committed.

Response/Action Required: Notification process required. Customers are at elevated risk for identity theft.

Recommended actions:
- Appoint a team that produces a report with critical information, for example: customers affected, number affected, where they reside, date the information was lost, type of information that was lost (e.g. SSN, CCN, ...), how the data was compromised and what steps are being taken to prevent this from happening in the future.
- In your opinion, what risk exists for these customers to become victims of identity theft/fraud? What steps would you take to prevent customers from being financially damaged if they become victims of identity theft (e.g. can you work with law enforcement? Should you offer credit monitoring services or identity theft insurance? Who should receive these services?)
- Create an assessment of the situation and offer the organization a recommended course of action depending on the type of information disclosed and the potential risk. How much would this cost? Are the costs justified by the amount of business you will save from negative customer reaction and diminished trust?
- Implement the recommended course of action.

Questions for the business:
- What would be the impact of losing revenue from 30% of your customers following the breach notification? What can you do to diminish the impacts of lost customer trust and lost competitive advantage?
- Who is the team investigating the breach? Is it the same as in a level one breach, or does it change?
- Will you require outside security, PR or legal services?
- What type of case can you pull together for law enforcement so that they can act quickly, before there are financial damages? Would this be the same course of action if an insider stole the data versus a hacker?

Stage 3: Identity Theft or Fraud

Scenario: Identity theft occurred. You were notified by an outside source (e.g. consumer, customer) that they are seeing fraudulent activities and you are the source of origin. You do not know how the data was stolen.

Response/Action Required: Notification process required. Customers have become victims of identity theft.

Recommended actions:
- Bring in an outside forensics investigation team to find the source of origin and determine: customers affected, number affected, where they reside, date the information was lost, type of information that was lost (e.g. SSN, CCN, ...), how the data was compromised and what steps are being taken to fix the problem and prevent this from happening in the future.
- Contact law enforcement to determine what steps can be taken to find the criminals and when to notify customers.
- Begin the notification process. What steps can you take to prevent more customers from being financially damaged as victims of identity theft (e.g. offer credit monitoring services and/or identity theft insurance)?
- Create an assessment of the situation and a recommended course of action, cost-justified by the amount of business you will save from more customers becoming victims, public reaction and diminished trust.
- Implement the recommended course of action.

Questions for the business:
- What would be the impact of losing revenue from 30% of your customers following the breach notification? What can you do to diminish the impacts of lost customer trust and lost competitive advantage?
- Who is the outside forensics team you will call in to investigate? How often are they assessing your network?
- Will you require outside security, PR or legal services?
- What is your relationship with law enforcement?
- What type of case can you pull together for law enforcement so that they can act quickly to catch the criminals? Would this be the same course of action if an insider stole the data versus a hacker?
- How much cash should be put in reserve for damages resulting from lawsuits, settlements and fines?

Data Breach Estimated Costs Worksheet

The spreadsheet below gives a breakdown of the various costs involved with cleaning up a data breach. Costs will vary depending on the type of breach, the number of customers involved and the severity of the breach. You can customize this to your organization or to estimates for different types of breaches.

Type of breach (data loss, data theft):
Number of customer records exposed:
What was disclosed (e.g. credit card, debit card, social security, address, ...):
Number of customers exposed:
How many customers have become victims of identity theft:

Costs

Customer Management
- Notification (letters, website, press releases, cost of creation, printing and mailing)
- Credit monitoring service
- Identity theft insurance
- Customer retention program
- Customer support help desk
- Costs to create new accounts or replacement cards
- Costs to make customers "whole"

Employee Management
- Employee training programs
- Lost employee productivity

Outside Services
- Legal
- PR / Crisis Management / Communication
- Marketing
- Forensic Investigators
- Security Experts

Regulatory Fines / Lawsuits
- Fines
- Lawsuits

Network Upgrades
- Security upgrades (encryption, data leakage monitoring, services, etc.)

Total Estimated Costs

Definitions of Costs

Notifications: If the breach requires notification, the organization will need to create the notification and decide how it intends to notify those impacted. The organization will need to decide whether it will handle the notification itself or outsource this activity to an outside firm.

Credit Monitoring Services: To improve customer satisfaction, and depending on the severity and type of information disclosed, organizations may choose to enroll the victims in a credit monitoring service as an additional layer of protection.

Identity Theft Insurance: To improve customer satisfaction, and depending on the severity and type of information disclosed, organizations may choose to give victims identity theft insurance as an additional layer of protection and customer service.

Customer Retention Program: Some organizations (especially organizations who are service providers) create customer retention programs in the aftermath of a data breach to explain outcomes to their customers in face-to-face meetings. For example, this type of interaction was encouraged after the Heartland breach, and the costs were reported in their quarterly earnings call after the breach.

Customer Support Help Desk: Depending on the notification strategy, it may become necessary to train, assign or outsource customer support personnel to answer questions from customers.

Costs to create new accounts or replacement cards: Depending on what was breached, some organizations may need to create replacement cards or provide new account credentials to customers involved in the breach.

Costs to make customers "whole": For customers who become victims of identity theft or fraud as a result of the breach, organizations will find that they incur costs making customers "whole" for fraudulent charges or damages.

Employee Training Programs: Some organizations roll out training programs for employees in the aftermath of significant data breaches to arm employees with the right types of information that can improve customer trust.

Lost Employee Productivity: Organizations face lost employee productivity as employees are taken off revenue-generating activities to deal with the aftermath of a data breach. What would be the cost to your organization if you lost five, ten or even 20 percent of employee productivity?

Legal Services: To effectively manage the data breach crisis, some organizations find they need to pay outside law firms that have specialized expertise in data breach. These services often require retainers or money paid up front for legal fees.

PR / Crisis Management / Communication Services: To effectively communicate with and manage the media and their brand, some organizations turn to outside PR firms that specialize in crisis management and data breach. An outside, objective point of view is often an invaluable resource to effectively manage a data breach crisis and improve the handling of the breach in the eyes of customers and victims.

Marketing Services: To help plan the strategy to manage customers and the brand in the aftermath of a data breach, some organizations turn to outside marketing and research firms to plan strategy or help increase customer satisfaction ratings, decreasing the costs in lost business that follow a data breach.

Forensic Investigation Services: For organizations that are victims of data theft, it is imperative that a forensic investigation firm find the source of the breach and help the organization capture evidence that could be used to catch the criminals.

Information Security Professional Services: Depending on the source of the breach and the internal expertise of the IT organization, some organizations may need to retain additional information security professionals to help deploy or execute the modifications required in the technology infrastructure in the aftermath of a breach.

Regulatory Fines: If the organization has compliance or regulatory requirements, it could have fines assessed against it for not meeting these requirements.

Lawsuits: The organization may find it faces a number of different lawsuits, from class actions on behalf of customers to lawsuits from business partners who need to reclaim damages as a result of the breach.

Security Upgrades: Many organizations find they need to make upgrades to their technology infrastructure to protect against future attacks or breaches. Technology investments often include encryption projects and data leakage monitoring technology.

Incident Response Report Information

Part I: Information about the type of customer sensitive data you store and the regulations with which you comply

This information can be completed in advance so you have a picture of the sensitive data residing internally and the regulations that have requirements for protecting this type of information. You may find that you want to take steps to protect additional types of information even if not required by law.

What type of organization are we:
[] Data Owner
[] Service Provider

We store the following PII about customers:
[] Email addresses
[] Credit Card Numbers
[] Date of Birth
[] Account Information
[] Mother's maiden name
[] Debit Account Numbers
[] Employee ID Number
[] PINs
[] Social Security Number
[] CVVs or Card Security Codes
[] Passport Number
[] Credit Card Magnetic Strip Track 1 or 2 Data
[] Driver's license number
[] Passwords, secret codes or access numbers for account info
[] Passwords for online accounts
[] Billing Address
[] Health Data
[] Shipping Address
[] Payroll information
[] Phone Number
[] Credit scores
[] Other:

We are required to comply with:
[] State Data Notification Laws (U.S.)
[] PCI DSS
[] GLBA
[] HIPAA
[] UK Data Protection Act
[] Other:

Part II: Data Breach Incident Response Team

Internal Team

Complete the information for the key personnel that will make up your internal team, their contact information and who is the project lead.

Data Breach Incident Response Team (contact information; indicate project lead):
[] Chief Executive Officer
[] Chief Risk Officer
[] Chief Financial Officer
[] Chief Privacy Officer
[] Chief Information Security Officer
[] Chief Information Officer
[] Chief Compliance Officer
[] General Counsel
[] Marketing
[] Sales
[] Customer Relations / Customer Support
[] Other
[] Other

Part III: Law Enforcement Contacts

Insert information about the law enforcement contacts that you would need to reach in the event a crime has been committed. The more relationships you have with these people prior to the incident, the easier it will be to get an appropriate response. Attend industry meetings with a law enforcement presence or establish relationships with the key personnel when possible.

Data Breach Incident Response Team (contact information):
- Local law enforcement:
- FBI:
- U.S. Secret Service:
- U.S. Postal Inspections:
- International Law Enforcement Agencies:

Part IV: Data Breach Incident Response Checklist

The following is a checklist of the items that you may or may not need to complete depending on the severity and number of records breached. This will allow you to decide which items fit your business needs and assign ownership of the tasks with a completion date.

Project Lead:
Incident Stage (0-3):

Planning:
[] Will you provide customers with a credit monitoring service?
[] Will you provide customers with identity theft protection insurance?
[] Will you create new accounts or plastic for customers?
[] If a customer is damaged by identity fraud, how can they report this to you?

Tasks (Owner / Completion):
[] Assign who will manage PR about the breach (current firm, crisis management firm or internal resource)
[] Determine corporate spokesperson for breach questions from media
[] Write website copy about the breach and steps taken to protect customers from identity theft
[] Approve website copy about the breach
[] Post to website
[] Draft copy for press release
[] Approve press release
[] Post press release
[] Draft FAQ for customers
[] Approve FAQ for customers
[] Post FAQ for customers on website
[] Create data breach notification letters to breached customers (or edit sample letter)
[] Approve data breach notification letters
[] Create de-duped customer mailing list
[] Print and mail letters
[] Create FAQ for employees (to educate all employees about the situation)
[] Approve FAQ for all employees
[] Post to internal corporate website
[] Write email to notify employees about the breach
[] Approve email to notify employees about the breach

Tasks (Owner / Completion), continued:
[] Send email to employees
[] Determine if additional employee/sales training is required (conference call, webcast or meeting?)
[] Schedule training
[] Send invitations to employees required for training
[] Write customer support/help desk training FAQ
[] Approve help desk training FAQ
[] Train help desk personnel on how to handle customer calls about the breach

Notes:

Part V: Incident Response Form: Frequently Asked Questions

The questions below are frequently asked in the process of creating notification letters, writing FAQs for customers and managing the breach. Marketing, PR and customer-facing employees will need to know how to answer these questions.

- What stage is the breach (0-3)?
- When was it reported?
- When did it occur?
- How was it discovered?
- Who was impacted?
- Has it been remediated?
- How was it remediated?
- How many customers were impacted?
- Where are customers located?
- Are you working with law enforcement?
- Have arrests been made?

Conclusion

While the prevention of data breach is mostly an IT function, managing the aftermath of a breach turns out to be less of an IT function and more of a marketing/customer relations program. Organizations find these events challenging because they are a crisis that tests the leadership of different business units within the organization. We hope this Data Breach Prep Kit can help you plan the appropriate action plan for dealing with a breach before one affects your organization. We also hope you are able to start to assemble the right inter-departmental team in advance to help protect customers, their trust in your organization to manage their sensitive information, and your brand.

We will be updating this Data Breach Prep Kit over the course of the next year, as we receive more feedback from the organizations that put it to use. Email the author, Kim Getgen, Principal, Trust Catalyst, at kim@trustcatalyst.com to provide feedback, or check back at www.trustcatalyst.com for updated versions and new resources to manage data breaches. We very much would like to hear from you. You can also join us at the LinkedIn Group "Prevent Data Breaches" to exchange updates and questions with colleagues and peers about the subject of data breach and data protection.

Resources Mentioned in This Document:
- Open Security Project Data Loss Database at: www.datalossdb.org
- 2009 Verizon Data Breach Investigation Report: www.verizonbusiness.com/products/security/risk/databreach/
- 2009 Online Fraud Benchmark Survey Report: https://365.rsaconference.com/community/efraudnetwork;jsessionid=f522af189405dbf831ed292fadfa9fd0
- 2008 Encryption and Key Management Benchmark Survey: www.trustcatalyst.com/Research.html
- Consumer Survey on Data Breach Notification, Javelin Strategy and Research, 2008

About Trust Catalyst

Trust Catalyst helps companies make critical decisions about how to protect their most valuable resource: their customers' trust. We understand that the adoption of a successful data protection or security program is about selling a strategy to a larger audience. We speak the language business executives understand and quantify the need for security by helping establish the costs of lost customer trust and the disruption to business when that trust is broken. As more insidious attacks from cybercriminals specifically targeting organizations with customers' sensitive data grow, we help businesses understand the threats, the costs of the threats and how to maintain trusted relationships with their customers. Learn more and download helpful tools that can help you prepare for these types of attacks at www.trustcatalyst.com

Notice About This Document

This document is not intended as legal advice. This document is intended to assist companies in getting a jump-start on preparing their response to data breach incidents. Each organization is different, and we encourage you to customize these worksheets to your particular situation. If you have feedback or advice to make this a better guide, please contact us so we can update this guide. If you would like to share any feedback, please contact us at kim@trustcatalyst.com or call +1.415.877.9330.