Canada’s new data breach reporting requirements, contained in Division 1.1 of PIPEDA, are in effect. Are you prepared? If you’ve ever thought “I don’t have information that anyone would want” or “I’m too small to be a target for a cyber-attack”, then you’re already setting yourself up for a ‘reactive’ approach to cybersecurity. Reacting to a breach can set your organization back in more ways than the financial impact. Downtime will affect your organization’s productivity and ability to keep up with regular business, not to mention the impact a breach can have on your customers’ perception of your brand. BRaaS (Breach Readiness as a Service) will help your organization mitigate the effects of the breach and reduce the turnaround time.

Why You Need More Than a Breach Response Strategy

As important as a response strategy is, it’s also only half the picture. Don’t get me wrong, you need a response strategy in case you do face a breach, but dealing with the issue only after it has happened can land you with costlier solutions. Uzado’s BRaaS forces organizations to set up goals that the organization can work to achieve, including protective, deterrent and preventative measures.

Many things went wrong during the Equifax breach, but had they been prepared for the breach, they could’ve reduced the business impact. First off, one of their issues was compliance – they stored all of their sensitive information in one system, which violates PCI (Payment Card Industry) standards. Any consultant would’ve immediately advised against this, because once a hacker penetrates the system, they would then have access to ALL information – which is what happened. Secondly, news broke of the hack several months after it happened. With a proper response plan, Equifax employees would’ve had to follow protocol by notifying specific people as soon as the incident was discovered.
Uzado’s BRaaS offers customers a proven proactive approach in preparation for a breach. Uzado will work with organizations to set up policies and procedures, form response teams where individuals will be assigned specific roles, and establish the required channels of communication. Uzado’s BRaaS consists of two phases: (1) the initial onboarding and (2) ongoing activities. Here’s what you can expect from Uzado for the initial onboarding:
- Information Gathering – this will include asset lists, network diagrams, and systems information. The more insight we have into the structure of your organization, the more we can help you prepare.
- Response Processes – Uzado will review the current response process and tailor it as needed. If there is no response process in place, Uzado will provide a net new protocol.
- Familiarization – Uzado will review various types of breaches that the organization may experience and ensure that the management and the response team feel comfortable that they have: (a) sufficient information should they need to call Uzado; and (b) a better understanding of what a breach might look like, so that they know when to engage Uzado.
- Response and Escalation Processes – Build out initial notification and escalation processes.
- Shared Repository – At the completion of onboarding there should be a shared central repository of all breach response documents for the customer and Uzado to access.
- Breach Readiness Response Service – phone and email available 24x7x365 to initiate the response for a breach.
- Ongoing meetings – to: (1) review any outstanding items from previous meetings to ensure completion or report on progress, using the Breach Readiness Insight; (2) review current processes, protocols, and notification/escalations, to ensure everything is up-to-date; (3) identify any changes or activities which need to be completed as takeaways.
- Tabletop Exercise – twice annually (on average every 6 months) conduct a tabletop exercise. The goal will be to pick either a potential breach that the organization may have recently had issues around, or pick a breach scenario from the news headlines.
- Annual Review – Review all 12 Breach Readiness Insights, identify any possible trends, provide overall observations and recommendations to further improve the organization’s Breach Preparedness.