Great. The unthinkable has happened to your company. Along with Sony, Home Depot, Target, and Apple, you can add your company to the long list of recent data security breaches. Along with the overwhelming dread, sense of loss, and panic comes confusion. What do you need to do to take control of the situation? Here are some steps to take in responding to a document security breach.
1 – Don’t Panic
Any sort of security breach can be alarming, but it’s important not to panic in order to avoid hasty, poor decision-making. Take a deep breath. Just as you would tackle any other company problem, assess the situation and put together a thought-out plan of action.
2 – Prevent Further Damage
First things first: control the incident to mitigate overall damage. Secure systems that were left vulnerable and prevent further unauthorized access to documents. It’s also important to make note of exactly what information was leaked. Secure any backups you may have of documents that were compromised to preserve information.
3 – Get Organized
You’ll want to notify any key company officers and board members as soon as possible. From there, establish a response team with the technical expertise to make the right decisions. Everyone on the team should have a good understanding of the incident and be familiar with the information that was compromised.
4 – Lawyer Up
If the document security breach is serious enough, it may be advisable to seek legal advice. Your lawyers will help you put together a strategy, run an internal investigation, interact with law enforcement, and comply with any legal requirements.
5 – Review Your Document Security Policy
Hopefully your company has a document security policy already in place. If so, your response team will want to review those policies to make sure that any response to the incident is consistent with company guidelines (and any applicable laws and regulations).
6 – Investigate
Launch an investigation to find out exactly how and why the document security breach occurred, and whether legal action will be required. This could be done internally with your company’s technical team; however, if the situation proves to be more complicated, it might be wise to hire a forensic investigator who specializes in security breaches.
7 – Notify Law Enforcement
If the investigation reveals reasonable concern that the document security breach was the result of malicious, criminal activity, the appropriate law enforcement authorities should be notified.
8 – Notify the Public
Whether your company is legally required to notify the public or not, it may be beneficial to do so in order to squash any negative buzz. By getting ahead of the press with an accurate account of the incident, you can help protect your brand reputation and reassure your company’s stakeholders (customers, investors, employees, etc.).
9 – Invest in Document Security
Now that the hard lesson has been learned, it’s time to take action to prevent a document security incident from recurring. It’s hard to think that this whole disaster could’ve potentially been avoided with a document security strategy, but hindsight is 20/20. Develop a plan and consider investing in a document security solution that will protect the contents of your documents and give you better control of who has access to those documents.