Law enforcement agencies embody “protect and serve” every day on the streets, but they do not always extend that oath to safeguard the information and materials collected during the investigative process from potential data breaches. Due to the amount of sensitive information in the hands of agents, data breach response plans are critical for all organizations to consider, not just those working in corporate settings.
When a department does have a plan, it is likely to be reactive and focused on preventing further data loss. Such policies fail to address the impact experienced after the breach by both the organization and the individuals whose data was compromised. An effective response plan may not be able to prevent damage to an agency’s reputation, but it can soften the blow and minimize legal risks.
Data breach response plans must be actionable
Cybersecurity was already a top concern among public safety agencies prior to the data breaches at the Office of Personnel Management (OPM) in 2015. The OPM attacks—which netted personally identifiable information (PII) for over 25 million people—serve as a grim reminder that agencies are vulnerable even if their actions and protections are strong. Even the strongest safeguards can’t guarantee complete safety, but departments benefit when their leaders take action prior to a cyberattack.
To create an effective course of action, departments need a system for reporting potential incidents, as is often required by state and federal law. Design of this system must include training to allow every officer to feel comfortable describing internal actions deemed improper or dangerous to overall network safety, such as opening suspicious emails. The agency leader handling reporting must be prepared to meticulously document every piece of information presented in the event of a data breach, according to the U.S. Department of Justice.
One way an organization can evaluate a threat quickly is to develop—in advance—a scale for assessing the seriousness of an attack. Each value in the scale is accompanied by contact information—in particular, a forensic team and a law enforcement agency with cybercrime expertise—and the next steps to take in response. By prioritizing the data most in need of protection, agencies can quickly match the breach with an appropriate response. For example, information security company Heimdal Security suggests that departments scale their response to the seriousness of the breach.
When a breach involving PII is confirmed, notification must be one of those actions in most states. Recipients of the bad news could include internal personnel and people external to the organization, including criminals and suspects whose records may have been accessed.
Pair a response plan with preventative measures
An efficient and effective data breach response plan is not limited to critical response during and following a breach. It also demands attention to mitigating the factors that can lead to a data breach.
Much of the work of a response team can be done prior to a breach. Each step articulated as part of a response plan likely has information that can be gathered immediately and maintained for use when a breach occurs. Organizing a list of stakeholder contacts to call, for example, or upgrading the encryption strength of communication channels are activities that are best undertaken before a critical response.
To support a data breach response plan, organizations can also designate a specific team to handle cyber threats in advance of such breaches. Sometimes, to be effective, organizations have to alter their reporting structure. A chain of command focused on security and compliance can help departments develop a more direct response to data breaches, according to Security Intelligence.
When creating a team, consider roles that fit into the context of a data breach. Legal staff, public relations personnel, forensics specialists, and chief administrators need to be included in order to carry out the best possible response. One of their most important tasks following any attack is to confirm the scope and severity of the breach by reaching out to those affected. The execution of this critical action will influence how well an organization can survive a hit to its reputation.
Advance attention must also be given to educating those not on the response team. Even the smallest of mistakes by employees can cause an agency-wide problem.
According to telecommunications giant Verizon, 58 percent of cybersecurity issues are the result of workers mishandling data or accessing information they weren’t approved to view. Training workers on safe information-handling practices, such as only using secure networks to transfer authorized information, can reduce data breaches stemming from human error. Intentional use of data privileges to restrict access to a handful of authorized employees can further limit the potential for error.
Practice is crucial for plan efficiency
Data breaches happen quickly. Unprepared organizations will spend considerable time trying to determine the appropriate reaction, allowing the problem to compound. According to TechTarget, a lack of team preparedness is a larger pain point during a cybersecurity breach than flaws in the infrastructure.
Agencies that incorporate training to encourage preventative measures will facilitate a more effective response from both employees and important partners. By implementing preparatory practices—such as tabletop exercises and regular meetings with law enforcement partners—response teams are able to move more rapidly to secure the network and alert appropriate people of the scope of the breach.
In its Computer Security Incident Handling Guide, NIST offers recommendations for coordination and information sharing for organizations looking to improve their data breach response programs. For example, the team member responsible for communication with law enforcement must already be familiar with the reporting steps. Emily Mossburg, a cyber risk leader with Deloitte & Touche, stressed the importance of cultivating internal and external relationships among those who are expected to respond to a breach.
Since cybersecurity has become an increasing concern, law enforcement agencies will benefit from establishing a data breach response plan. These procedures require team members from a variety of backgrounds and with adequate training to be efficient. With preparedness and preventative measures in place, departments can minimize the likelihood that data attacks will irreparably disrupt their mission.