Incident Response

Incident Crisis Response Management Services

Premise: In the event that personally identifying information, under your control or responsibility is breached or suspected to have been breached, you desire to have a complete rapid response service plan ready to deploy on a moment’s notice.

Starting point: The ideal starting point is when you have already thought this through for each sensitive data type you possess and your plan kicks in with your team already knowing what their roles and responsibilities are in addressing the breach. This is what the Federal Trade Commission and other regulatory authorities want you to have done (see disclaimer below). By having your incident crisis response management plan in place you reduce the panic (which equals cost) and become more effective in resolving the incident.

Program goal: To perform such an overwhelming response to a personally identifying information breach incident that an affected person is awestruck by your quick and thorough action.  The affected people will have such a positive impression; they will be more impressed with your response than disappointed by the incident.

Click here to see a sample of what our BTR-Affiliate public relations firm Envisian helps us do for you.

Disclaimer: You are required to demonstrate reasonable efforts to comply with guidelines issued by the Federal Trade Commission, or your specific regulatory authority. An ideal outcome is that your preparedness and effective response will mitigate any legal issues that may rise from a personally identifying information breach. Even though our program may reduce your liability, we are not warranting or implying that by following all our suggestions, or even the hiring of our services, will free you from all liability. Each incident will have unique characteristics and circumstances which are beyond the control of any service provider’s ability to predict or mitigate.

BTR-Security Crisis Incident Response Program

Your rapid response will unfold in four steps:

Step 1:  Initial triage – Determine exactly what happened and has it been stopped.  Establish the personally identifying information affected and the extent it has been compromised. If the breach was or could have been a criminal act, contact appropriate law enforcement immediately to gain their assistance and take the direction you need to cooperate with any ensuing investigation.  The timing of all other steps will be affected by any law enforcement activity.  The remaining steps assume you have been given clearance by participating law enforcement agencies to mitigate the effect on all persons affected.

Step 2:  Immediate action – Utilize a notification template, composed for each type of personally identifying information, and drop in all relevant details of the specific breach incident.  Concurrently, add relevant details for a press release to be handled by a qualified public relations firm.  All affected individuals will be giving notice that a possible lose of their personally identifying information has taken place and they are hereby notified that a credit fraud alert needs to be placed on their file by calling any one of the three major credit reporting bureaus.  Complete instructions, phone numbers, and written contact information should be provided in this notification.  Also alert the people affected to carefully monitor their identity through www.annualcreditreport.com and that they must carefully monitor and review their existing financial accounts.  See Recover Stolen ID, our identity theft recovery guidance area on this website, for more instructions.

Step 3:  Assisting Affected People – You could directly deploy BTR-Security to assist in mitigating your liability for possible future losses suffered by the people whose personally identifying information was breached.  Depending on the circumstances of your personally identifying information breach incident (who, what, and where), BTR-Security will hold an “Identity Theft Awareness & Protection” [educational] seminar or webinar to assist the affected people. The attendees will learn that even if your personal identifiable information breach incident had never taken place, they are still at risk for identity theft.  By informing all affected people what specially happened to cause your incident, what you have done to prevent it from happening in the future and any other mitigating steps you have taken will begin to repair any damaged done to your reputation.

Step 4:  Sustaining action or “Wow” factor -. At the end of the seminar or webinar, BTR-Security will enroll the affected people into an identity theft protection and restoration service, just in case anyone becomes a victim of identity theft during the subscription period you choose. You could offer any affected people a one or two year subscription to an identity theft monitoring and restoration service.  This will show your sincere apology and again help repair any damage done to your reputation.

If you are interested in learning more about our prepared solution response call 610-444-5295 or use the Contact form.