5 Ways To Survive a Data Breach Investigation - CSO Online - Security and Risk, page 3

5 Ways To Survive a Data Breach Investigation - CSO Online - Security and Risk, page 3
Vaclav Vincalek

Vaclav Vincalek in Internet security

Captured on 15 Apr 2009 from www.csoonline.com

Page 3

 

3. Bring in the lawyers
Company executives are often slow to bring in legal counsel. That's unfortunate, Fitzgerald said, because the lawyers are on your side and can help you construct a sound game plan to keep the company out of trouble.

"When you bring in lawyers, psychologically it makes the problem real," he said. "It's scary for executives who don't want to make it look like they're circling the wagons."

The best approach is to collect every bit of information that may be helpful, give it to legal counsel and let them piece together the story.

4. Decide if you want a "loud" or "silent" probe
Companies should decide at the beginning if they want investigators to come in with a bang or a whisper. The right approach depends on what a company thinks it's up against.

"When we come in companies have us either do it with guns drawn and blazing, equipment in bags and boxes wheeled in, looking like we're hunting for aliens, or they have us come in quietly in a way where no one knows we're even there," he said. If the company smells a rat, the loud approach could be used to rattle employees who might know something into coming clean.

"They want to make an example of the incident," Fitzgerald said. "They have a pretty good idea that it may have been an employee or team of employees leaving to work for a competitor. They want to show that they have control and power and that whoever tries to steal is going to get caught."

More often than not, the quiet approach is called for. Employees typically want to do the right thing, Fitzgerald said, and if his team is polite and friendly and set up shop in a conference room off to the side, the work is done in three hours and data is taken back to the lab.

"If someone is still with the organization, you want to go in quietly, at night and on weekends. They don't want to make a big thing of it until they know what they are dealing with and what the potential liability is."

5. Educate the employees
Fitzgerald said education is the best way to ensure people like him aren't needed in the first place.

"Educating employees is so important," he said. "If they know what they can and can't do and all the tech policies are in place, the potential for an incident drops dramatically."

Responses

Please Login to respond

Get Gleanr!

What is Gleanr?

Gleanr is the networking engine for digital-age professionals. Get impact (& income!) in the information streams you care about.

How does it work?

Your custom Gleanr channels automate information flow relevant to you. All you do is "click" - we do the rest (instant capture, indexing, and networking).

What is the value?

Gleanr is the only web service where professionals can manage and monetize their expertise.

Is this more web 2.0?

Yes, but for work. Now you can capitalize on your unique ability to filter and enrich professional information streams.

Show me!

Explore the public parts of professional information streams here, or take the Gleanr Tour.
Gleanr Tour

Sign me up!

Join Now