How Would Your Contact Center Recover From a Data Breach?

Blog
13 October 2016
Meeting around a table, discussing recovery from data breach

According to the 2015 State of Data Security Intelligence study, only 25% of UK businesses believe they are capable of detecting all data breaches, and only 33% rated themselves as very good at containing breaches when they do happen – even though a single data breach can now cost a company on average over $3m.

While it’s the last thing we expect or want to happen, a data breach is always a possibility for any contact center, and being prepared for the worst could save you not only from further data loss, but from losing a significant amount of money too.

In anticipation of the worst possibly happening, here’s a handy guide of six steps to take in preparation and response.

1. Prepare

A data breach might never happen, but that doesn’t mean preparing for one is a bad idea. In fact, PCI DSS Requirement 12.10 suggests the first reaction to a data breach should be to implement your Incident Response Plan.

In the event of a breach, having a detailed and comprehensive plan is your best chance of mitigating its impact, so ensure you have one drawn up and sent out to any responsible parties. Make sure the individuals involved have a clear understanding of the arrangement and their part in it so that your response to a breach can be immediate and effective.

However, just having a plan isn’t enough; make sure it is also thoroughly tested and run through several times to limit the risk of mistakes or missed steps in the event of an emergency.

2. Have a PFI on Retainer

While hiring a Payment Card Industry Forensic Investigator might not always be necessary, some acquirers or payment brands require an investigation even when a breach is only suspected, so make sure you know your obligations.

It can be a good idea to hire a PFI on retainer so their services will be immediately available to your contact center should you need them. Bear in mind that all PFIs must be completely independent from your company, with no links to any third-party providers that you use.

3. Preserve Evidence

When a data breach is detected, it can be tempting to log in to your compromised system and change all your passwords (or shut it down and reboot it entirely) in an attempt to take back control and minimize data loss. However, doing so can be the fastest way to wipe out vital evidence that will help your PFI identify the cause of a breach.

Part of your call center’s incident response plan should be to preserve as much evidence as possible by following these simple steps:

  • Do not log in to or switch off a compromised system.
  • Instead, learn how to isolate your system from the network – for example, by unplugging the network cable – to minimize data loss immediately.
  • Preserve all logs from the time of the breach.
  • Make a record of any action you do take, including dates, times and the member of staff involved.

4. Inform Employees

For a PFI to work as effectively as possible, it is vital that your employees understand the PFI’s role and are available to talk with them on request. Make sure your employees understand that it is not the PFI’s job to find someone at fault, merely to identify the nature of a breach and prevent it from happening again.

A clear understanding of this will ensure your employees are completely transparent, helping the PFI to conduct their investigation much more quickly.

5. Notify Relevant Parties

Most payment cards, banks, business partners, and third-party providers will require notification of a data breach by contract, so it is essential you contact the relevant people as soon as you can. Your PFI might also require access to third-party facilities so it’s a good idea to have an arrangement drawn up in advance to allow this to happen quickly and easily.

6. Act on Advice Immediately

A PFI should begin an investigation within five working days to ensure any faults or weaknesses in your system are identified as soon as possible. Once you have their report and advice, it must be acted on immediately to prevent further data loss or a successive breach. If necessary, update your incident response plan with any recommendations and make sure all employees are aware of any changes made.

If you’d like to find out more about PCI DSS compliance and how data security risks can be mitigated with a secure card payment solution – prevention is the best cure, after all – please get in touch with our expert consultants today.

View more Blogs Knowledge Center

How can we help you?

Get in touch today to discuss our solutions and your specific requirements.

CONTACT US

Sign up for Knowledge Centre notifications

Never miss the latest blog, news, podcast or event. Sign up to be notified when we publish something new.

notify me

You may also be interested in

News
PCI Security Standards Council welcomes PCI Pal® CISO, Geoff Forsyth, to its Board of Advisors
PCI Security Standards Council welcomes PCI Pal® CISO, Geoff Forsyth, to its Board of Advisors
Geoff Forsyth, Chief Information Security Officer of PCI Pal®, has been appointed to the prestigious PCI Security Standards Council Board of Advisors for 2023-2025. As one of 52 members, Forsyth will contribute his extensive IT and security experience to advance global payment security standards.
Read more
News
PCI Pal Named Finalist in 2023 Security Awards
PCI Pal Named Finalist in 2023 Security Awards
PCI Pal named a finalist in the Best Security Compliance in Enterprise category in The Cloud Security Awards 2023.
Read more
Pause and Resume
White paper
Pause and Resume Call Recording: Calculating the Risk
Pause and Resume Call Recording: Calculating the Risk
In this white paper, we establish and explain the threats posed by outdated call recording technology, including Pause and Resume call recording. Through it, you'll find an easier path to compliance with data security regulations, meaning less chance of being fined for a data breach.
Read more
NFP Health Deploys PCI Pal to Streamline Contact Center Payments
News
NFP Health Deploys PCI Pal to Streamline Contact Center Payments
NFP Health Deploys PCI Pal to Streamline Contact Center Payments
NFP Health deploys PCI Pal to streamline contact center payments.
Read more

More related content

Chat with us