The first steps in managing a security incident are the most important for limiting and containing the impact of a cyber-attack and for ensuring that the company's activity is not interrupted or seriously affected.
At Secure & IT we therefore recommend that, in the event of a security incident, the following tasks be taken into account, depending on the position held:
Employees:
– Be alert to suspicious emails or communications that we may receive.
– Request a forced password change from the IT department if we believe that our password may have been compromised.
– Report these and any other technical problems that we may suffer to the IT department as soon as possible. For example, certain types of viruses can make our computer run slowly, distort the image or do things automatically.
IT Department (including the Chief Information Security Officer, CISO, if any):
– Record the incident and categorize its criticality according to whether confidential information or even personal data has been compromised.
– Assess whether it is necessary to commission a computer forensic investigation to determine the source, cause and impact of the incident.
– Inform the Data Protection Officer (DPO), if any, or the company’s legal advisor and senior management, so that they can file a complaint with the State Security Forces (in Spain, National Police and Civil Guard).
– Talk with those affected, collect all possible evidence about the incident and document the containment and eradication measures deployed in technical reports.
Legal Department (including the Data Protection Officer, DPO, if any):
– Once the complaint is filed, assess whether it is necessary to notify the national supervisory authority (in Spain, the Spanish Data Protection Agency – AEPD), complying with the maximum period of 72 hours from detection for communicating the data breach suffered.
– Carry out the corresponding impact assessment to determine how far the incident has affected the holders of the compromised personal data, and document the legal implications for the company in a relevant report.
Management Board:
– Issue a statement to all interested parties that may have been affected by the incident (employees, customers, suppliers, etc.).
– Assess, jointly with the IT department and the legal department, the implications that the incident has had for the company and how to ensure its business continuity, in view of the possible loss of good image and trust in the market.
– Establish strategic plans that improve cybersecurity at the corporate level and resolve the root cause of the incident, thus preventing it from occurring again.
– Approve budget items dedicated exclusively to information security, both to improve it and to be able to deal in the future with other possible incidents of this type and the economic damages that these may cause.
