Breach Management: Best Practices and Policies

Written by Veronika Fritz, Partner, Vonya Global

Cybercrime puts any business at risk—more so now than ever before, as the recent Target and Sony attacks emphasize. Cybercriminals are constantly working to find devious ways to destroy brands, disrupt operations, and steal information. Breach management policies are the key to addressing these growing cybercrime risks. The two concepts that business leaders must consider while developing breach management policies are business resilience and risk management.

Business resilience is a developing concept in business continuity. Business resilience is about more than disaster recovery and business continuity. Modern business resilience means enacting policies that allow organizations to detect, fight, and manage cybercrime and information security breaches. It also means finding technologies, processes, and people that can most effectively adapt to new threats. Business resilience must incorporate all of these measures to maintain brand equity.

In the breach management and security area, best practices can change significantly as technology advances. Analysis of risk management, due care, and due diligence demands a mastery of four areas. We can summarize these as Actor, Target, Effect, and Practice, or ATEP:

  • Actor – who may target your business
  • Target – what data they are hoping to steal
  • Effect – all possible consequences
  • Practice – the techniques used to commit cybercrimes

Actors: Who Gains from Security Breaches?

An important Internet security trend is the rising number of attacks from hacker groups that are connected to and backed by governments. The Guardians of the Peace (GOP), responsible for the Sony hack, are a good example of this newer kind of group. These “hacktivists” use many of the same techniques as traditional hackers—data destruction, data leaks, malware, viruses, and website defacement—but with support from a sponsoring nation. Indicators of this kind of security breach include chatter about hacking on social media, threats regarding stolen information, and attempted denial-of-service attacks.

To improve security, management must understand the motives of potential attackers. Managers can do this by:

  • Implementing strong anti-phishing technologies and malware protection
  • Gaining insight into all geopolitical and social effects of a company’s actions
  • Planning and training for the brand equity, cyber security, public relations, and technical impacts of an attack
  • Identifying all potentially valuable corporate data from the perspective of hacktivists and the nations that support them

Targets: Employee Data, IP, Documents and Email

Corporate leadership should pay attention to hackers’ targets. What do attackers and hacktivists want from your company? Financial information is an obvious risk. But other items such as intellectual property, internal company documents, medical records (healthcare providers and insurers), customer data, plus private employee information such as banking information and social security numbers, are all prime targets.

Breach management countermeasures include studying similar businesses to determine data breach trends and avoiding any accumulation of data that isn’t necessary. Companies should classify all retained data according to company needs and risk exposure. Then employees should be trained on how to properly classify all data. Obviously, personal information about employees, intellectual property, and medical information are all prime targets. Data breaches in these areas carry significant risk exposure.

Effects: What Will Happen if You Experience a Breach?

Leaked and stolen data cause downtime, damage to your brand, and financial loss. Watch for spikes in the volume of data being read, unexpected changes to system files, and unusual traffic on the network, especially in the authentication area. Effective countermeasures include implementing two-factor authentication, frequent backups, and sophisticated encryption and traffic monitoring. Your company should also have separate Breach Response (BRP) and Incident Response (IRP) plans.

Practice: Long-term Breach Management

The main struggle for companies dealing with cyber security is making data accessible to those who need it, while at the same time keeping it secure from everyone else. This is because attackers typically seek out freedom of movement and escalation of privileges. Risk assessments that are informed by principles of business resilience are a good start, because not all attacks can be prevented. Internal audit reports and other risk management reporting should be central to the overall strategies and planning of the company.

These breach management best practices will help your company minimize exposure to fraud, theft, and other IT security issues. If your business resilience plan is heavily focused on prevention of cybercrimes, your company will be more successful.


This blog post was written by Veronika Fritz. Veronika is a Managing Partner with Vonya Global, a premier provider of internal audit consulting services. Veronika is a CPA with over 18 years of audit and management experience. Her experience covers all areas of business including compliance, financial, operational and IT. She has led the planning, development and successful execution of financial audits, Sarbanes-Oxley Engagements, pre- and post-implementation ERP system reviews, and business process evaluations. Veronika has expert knowledge in evaluating the design, integrity, effectiveness and reliability of internal controls for financial reporting processes and Enterprise Resource Planning software. She has been a trusted advisor to companies spanning various industries. If you would like more information about Vonya Global or if you have a question for Veronika, you may contact her through this blog, the company website, Twitter, or her LinkedIn Profile.