Contain

by | Jun 2024 | rc-child

Responding to Data Incidents: A Step-By-Step Guide for CAAs 

Introduction

1. Identify

2. Contain

3. Mobilize

4. Discover

5. Notify and Comply

6. Remediate

7. Document, Document, Document

8. Assess Financials

9. Learn and Adapt

Contain: Stop additional data loss.

OnGuard determined that the implicated data was accessed through the software of its outsourced CFO, who was working with the CAA as a third-party contractor. The outsourced CFO had access to staff and client financial information, which was made vulnerable due to weak passwords and other inadequate security measures. The outsourced CFO was ultimately targeted by a cyber-attack which accessed OnGuard’s confidential and sensitive information. Upon identifying that the data incident occurred in part due to its outsourced CFO’s weak passwords, OnGuard immediately instituted multi-factor authentication (MFA), and asked its outsourced CFO to implement MFA as well, allowing OnGuard to put an immediate stop to the loss of any additional sensitive data.

The main priority after identifying a data incident is to contain the incident as quickly as possible. In this step, the CAA can stop additional data loss by securing those systems identified as compromised by the incident. Actions to secure systems may include resetting all passwords across the organization or implementing MFA. MFA is an additional layer of security which requires one or more verification factors to login to an account, such as requesting a pin from a phone app, in addition to asking for a username and password. This additional verification prevents even those unauthorized individuals who have stolen passwords from accessing sensitive data. 

While there may be pressure to immediately restore any downed or disabled systems, a CAA must not rush to do so if it risks wiping or erasing certain data on existing computers, systems, or servers. Those systems may include important information that must be preserved to help continue investigating the incident, or for evidence in any potential future lawsuits and insurance claims.  

This resource is part of the Community Services Block Grant (CSBG) Legal Training and Technical Assistance (T/TA) Center. It was created by Community Action Program Legal Services, Inc. (CAPLAW) in the performance of the U.S. Department of Health and Human Services, Administration for Children and Families, Office of Community Services Cooperative Agreement – Award Number 90ET0505-01. Any opinion, findings, conclusions, or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the U.S. Department of Health and Human Services, Administration for Children and Families.