The Green Sheet

Monday, June 3, 2024

Nacha's security-breach guidance an essential tool

To expand on an item posted in Quick Takes under Breaking News on Fri., May 31, 2024, Nacha, which governs the ACH network, the payment system that drives direct deposits and direct payments and reaches all U.S. bank and credit union accounts, introduced a free tool to help companies deal with security incidents and breaches.

The security incident response procedure guide for companies is the work of Nacha's Payments Innovation Alliance, a membership program that brings together a diverse group of stakeholders focused on transforming the payments industry.

The tool is available for free and provides procedures and actions a company should take when it reasonably suspects a security incident or breach involving personal or other proprietary data.

The guide can help evaluate suspected incidents or breaches on a case-by-case basis. For example, it can help in determining whether and what notifications are necessary—to customers, regulators, the card brands, the media and/or consumer reporting agencies.

Planning is the key

"Time is of the essence when responding to a suspected incident or breach," said Matt Luzadder, managing partner in the Chicago office of Kelley Drye & Warren LLP. The guide offers suggested actions to help plan for, triage and respond to cyber incidents quickly, and thus minimize potential harm to all involved.

"Planning for potential incidents is key and the guide can serve as a starting point for security discussions within an organization," Luzadder said in a statement released by Nacha. Of course, all organizations are different, so plans should be customized, working with information technology, compliance and legal experts, he added.

The onus for data protection and breach recovery is on the companies that maintain that data. "Companies should have comprehensive disaster recovery and incident response plans in place, conduct periodic employee training and testing, audit and review their systems appropriately and employ threat detection and response technologies," Luzadder said.

The guide, he noted, "can serve as an important resource in developing these risk-reduction strategies." It can also be used in concert with other Alliance resources, such as a "tabletop exercise," which it released last year.

The tabletop exercise was developed to increase organizational preparedness, response and recovery efforts related to cyberattacks and provide actionable approaches for leadership, among other things. It also establishes a framework for compliance by focusing on applicable laws, regulations and rules.
