Cyber Security Training & Software for Companies | MetaCompliance

The Key Steps to Effective Data Breach Management

A data breach management plan ensures that the right personnel and procedures are ready to deal effectively with a threat when it materialises.

Imagine the panic when a massive data breach is detected, perhaps one that has been ongoing for months. In 2017, Equifax alerted the world to the theft of multiple millions of data records that were held under its watch.

The theft was initiated through a vulnerability in Apache Struts, a widely used development framework. Equifax knew about the vulnerability, but the employee tasked with patching it did not do so. A series of unfortunate events followed, including the failure of patch scanners to locate several further vulnerabilities, compounded by a number of human operator failings.

Equifax has since spent around $1.4 billion (£1 billion) upgrading its security. The company was also fined half a million GBP by the UK’s Information Commissioner’s Office (ICO), and Equifax’s ex-CIO was given a four-month prison sentence for using the breach for personal gain. The Equifax data breach was the stuff of enterprise nightmares.

By “walking a mile in someone else’s shoes” we can understand how each part of an organisation effectively handles data breach management. By reflecting on how each department can help to de-escalate the chain of events that lead to a data breach, data exposure can be managed more effectively.

The How and Why of Data Breach Management

Data breaches affect everyone in an organisation. By the same token, everyone can help to prevent or minimise the impact of a data breach. Below is a look at five key areas of an organisation and the responsibilities each has in managing a data breach.

The Security Incident Team

Data breach management and prevention are the mainstay of the security incident team. This team has been increasingly called upon as data breaches grow in number and intensity. Its role is central to the management of a data breach, and the team relies on a robust process to support it in this task. The security team should be able to turn to an incident response plan and a disaster recovery plan to help contain the breach; these plans inform the actions taken once a breach occurs.

Typical steps in breach containment and management include:

Confirm the breach

It may seem an obvious step, but confirm that the breach has actually happened and whether it impacts confidential or sensitive data. The data collected during breach analysis will be called upon if the breach is serious enough to require notifying a supervisory authority. Information that should be collected and documented includes:

  • How the breach was detected
  • Where it occurred
  • Who is impacted (include any ecosystem vendors)
  • Who reported the breach
  • The date(s) any breaches occurred
  • What level of risk the breach poses to the organisation/customers, etc.
  • Is the breach now fully contained?

How did the breach occur?

An analysis of the breach is not only needed for compliance reasons, but it can also help mitigate future data exposure. Breach dynamics are varied. Data can be exposed by a variety of both accidental and malicious mechanisms. Identify these mechanisms: was this an accidental employee exposure or a malicious hack? Understanding the vectors and tactics used can help alleviate the exposure and mitigate the attack.

The type of data affected

Being able to identify the risk level of the data impacted is crucial both for breach notification and compliance and for understanding the overall impact on the business. Document the type and risk level of the data breached. An organisation should already have developed a classification system based on a standard such as ISO 27001. This standard sets out four categories of data:

  1. Confidential (only senior management have access)
  2. Restricted (most employees have access)
  3. Internal (all employees have access)
  4. Public information (everyone has access)

Containment and recovery

Once a breach has been detected it is vital to contain it as fast as possible. The findings of the breach analysis allow a containment strategy to be created. Breaches that involve employees may require a review of security awareness training. Breaches that involve external malicious hackers will need further investigation of the affected systems and additional mitigating measures. Recovery plans must be put in place to minimise the impact of the breach.

Legal and Compliance

All of the documentary evidence collated on the breach is used by the legal and compliance departments to deal with its aftermath. The legal and compliance teams decide whether the breach falls under the remit of a breach notification requirement; for example, under Section 67 of the UK’s Data Protection Act 2018 (DPA 2018), a data breach notification must be made to the ICO within 72 hours of the company becoming aware of the breach. The evidence documented by the security team (where the breach occurred, why, and how it was mitigated) will be used in this disclosure. There may also be a requirement to disclose the breach to anyone affected, which may mean publishing a full disclosure letter on the company website.

Notification rules

Key to the legal handling of a data breach is making an informed decision as to if and when to notify the supervisory authority about the breach. Questions such as whether there is a regulatory imperative to report the breach can only be answered by qualified, knowledgeable staff. This decision may require the breach to be made public, which has obvious long-lasting reputational effects and will likely involve the marketing department in minimising the impact on the brand. Here are a few examples of public breach notices:

Equifax breach

CapitalOne breach

Twitter breach

The breach notification rules vary across different regulations. For example, under the EU’s General Data Protection Regulation (GDPR), notification must be made within 72 hours of becoming aware that a breach has occurred. However, under the Privacy and Electronic Communications Regulations (PECR, which apply to internet and telecommunication service providers), a personal data breach must be reported to the ICO no later than 24 hours after detection.
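The documentation fields listed under “Confirm the breach”, the four-tier data classification, and the 72-hour and 24-hour notification windows named in this section can be tracked together in one incident record. The following Python is an added example and is not code from the article or from MetaCompliance: the regime labels, field names and the sample incident are constructed for illustration, and the helper only tracks the notification clock from the moment of awareness; the decision to notify stays with qualified staff, as the article says.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum


class Classification(Enum):
    """Four-tier scheme as listed in the article (comment = who has access)."""
    CONFIDENTIAL = 1  # senior management only
    RESTRICTED = 2    # most employees
    INTERNAL = 3      # all employees
    PUBLIC = 4        # everyone


# Notification windows cited in the article. The clock starts when the
# organisation becomes aware of the breach. Regime labels are assumed names.
NOTIFICATION_WINDOWS = {
    "GDPR": timedelta(hours=72),
    "DPA2018_S67": timedelta(hours=72),
    "PECR": timedelta(hours=24),  # telecoms / ISPs only
}


@dataclass
class BreachRecord:
    # Fields the article says must be collected when confirming a breach.
    detection_method: str
    location: str
    impacted_parties: list[str]     # include ecosystem vendors
    reported_by: str
    occurred_on: list[datetime]     # date(s) the breach events happened
    aware_at: datetime              # when the organisation became aware
    classification: Classification
    personal_data_affected: bool
    risk_level: str                 # "low", "medium" or "high"
    regimes: tuple[str, ...] = ("GDPR",)
    contained: bool = False

    def __post_init__(self) -> None:
        # A naive timestamp would silently shift a 72h deadline by the UTC offset.
        if self.aware_at.tzinfo is None:
            raise ValueError("aware_at must be timezone-aware to compute deadlines")
        if self.risk_level not in ("low", "medium", "high"):
            raise ValueError(f"unknown risk level {self.risk_level!r}")
        unknown = set(self.regimes) - set(NOTIFICATION_WINDOWS)
        if unknown:
            raise ValueError(f"unknown notification regime(s): {sorted(unknown)}")


def missing_fields(record: BreachRecord) -> list[str]:
    """Documented fields that are still empty. The breach is not 'confirmed'
    for notification purposes until this list is empty."""
    gaps = [name for name in ("detection_method", "location", "reported_by")
            if not getattr(record, name).strip()]
    if not record.impacted_parties:
        gaps.append("impacted_parties")
    if not record.occurred_on:
        gaps.append("occurred_on")
    return gaps


def notification_deadlines(record: BreachRecord) -> dict[str, datetime]:
    """Latest time the supervisory authority can be notified, per regime.
    Returns {} when no personal data is affected, because the personal data
    breach notification windows above then do not apply."""
    if not record.personal_data_affected:
        return {}
    return {r: record.aware_at + NOTIFICATION_WINDOWS[r] for r in record.regimes}


def notification_status(record: BreachRecord, now: datetime) -> dict[str, str]:
    """Per regime: 'open (<n>h left)' or 'OVERDUE by <n>h' relative to `now`."""
    status = {}
    for regime, deadline in notification_deadlines(record).items():
        remaining = deadline - now
        hours = round(abs(remaining.total_seconds()) / 3600, 1)
        status[regime] = (f"open ({hours}h left)" if remaining >= timedelta(0)
                          else f"OVERDUE by {hours}h")
    return status


# Constructed sample incident (not a real event); reported_by is left blank
# on purpose so that missing_fields() has something to flag.
SAMPLE = BreachRecord(
    detection_method="DLP alert on outbound e-mail",
    location="Finance shared mailbox",
    impacted_parties=["customers", "payroll vendor (constructed name)"],
    reported_by="",
    occurred_on=[datetime(2024, 3, 4, 9, 0, tzinfo=timezone.utc)],
    aware_at=datetime(2024, 3, 5, 14, 30, tzinfo=timezone.utc),
    classification=Classification.CONFIDENTIAL,
    personal_data_affected=True,
    risk_level="high",
    regimes=("GDPR", "PECR"),
)
SAMPLE_CHECK_TIME = datetime(2024, 3, 6, 16, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("undocumented fields:", missing_fields(SAMPLE))
    for regime, deadline in notification_deadlines(SAMPLE).items():
        print(f"{regime}: notify by {deadline.isoformat()}")
    print(notification_status(SAMPLE, SAMPLE_CHECK_TIME))
```

Run as a script, the sample shows the GDPR window still open at the check time while the 24-hour PECR window has already been missed, which is the point of tracking both clocks from the same awareness timestamp rather than from detection alone.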

The Staff

When staff are made part of the breach management process, they become a frontline resource in the fight against cyber-attacks. Staff-related security risks cover a wide spectrum of potential vulnerabilities, from accidental data exposure to phishing to collusion with external hackers.

According to Verizon’s Data Breach Investigations Report 2020 (DBIR), around 17% of data breaches can be traced back simply to errors. For example, employees sharing passwords, or reusing passwords across multiple applications, is poor security practice.

Phishing is still the cybercriminals’ weapon of choice; phishers love to mimic brands like Microsoft to trick users into handing over corporate credentials. Security awareness training teaches employees about the many positive ways they can help to maintain a good company security posture.

In terms of breach management, staff awareness must extend to an understanding of their responsibilities within various regulations, such as ensuring that customer data is respected and used within the confines of legislation such as DPA 2018 and GDPR. By understanding where a breach could occur, along with responsibilities under various relevant regulations, an organisation can co-opt staff into the breach management process.

It is important, however, to train staff to the relevant level. Some staff, such as technical employees, may need specialist security training and/or certification.

New hires must be onboarded to an organisation’s security awareness training programs from day one. Regular reviews of security awareness training of staff in areas such as:

  • Phishing
  • Security hygiene
  • Awareness of data security responsibility

…should be ongoing to stay effective.

Security awareness training should be incorporated into the company security policy as part of a data breach management process.

Third-Party Vendors

Vendor ecosystems can be complex and can involve fourth and fifth parties. A recent report from Accenture, “State of Cyber Resilience 2020”, found that 40% of security breaches start with indirect attacks at the supply chain level. Vendor risk management is therefore part of the effective management of a data breach, and vendor-related breaches cut both ways: as well as analysing the vulnerabilities in vendor connections to mitigate cyber-attacks, when a breach occurs the vendor ecosystem must be examined to see whether the breach also affects the vendors.

The Board

A UK Gov report, “Cyber Security Breaches Survey 2021”, found that 77% of businesses believe that cyber security is a high priority for their directors or senior managers. As a result of the high profile of data breaches, more boards now include security domain experts. When a data breach occurs, an educated board can support the rest of the organisation in handling the breach, ensuring that regulatory requirements are met, and ensuring that a budget is available to manage the breach and mitigate against further attacks.

Do Employees Know What To Do When There Is A Data Breach?

Putting data breach management measures in place is a whole business task. One of the key parts of delivering effective data breach management is in the way that you train your staff. Relevance is key in ensuring that incident management works for your organisation. Every organisation must develop its own relevant and unique approach to reporting and managing a security breach.

Drilling down to optimise awareness begins at the people and process level. Every aspect, from the smallest detail to the big picture, must be thorough enough to ensure that your incident response policy is robust and understandable by all staff. This must include:

Communications: From the telephone numbers used to the email address or any other system used to report a breach

Roles and responsibilities: Highlighting the relevant incident managers and their responsibilities

Actions: Who does what and when and how they carry out their role in helping to manage a data breach

Remediation: How to fix the breach and lessons learned, including any update to security awareness training

In larger multinational companies these lines of communication need to extend across the entire organisation, bringing company departments and offices together.

Everyone needs to buy into this plan, from employees to managers to board members.