Video: Best Practices in Data Security

What to do when company data is breached.

Reading Time: 2 min 



An MIT SMR initiative exploring how technology is reshaping the practice of management.

On May 23, 2017, the MIT Sloan School of Management hosted the 14th annual CIO Symposium: “The CIO Adventure: Now, Next and… Beyond.” The one-day event brought senior IT executives together to discuss key technologies, including IoT, AI, blockchain, Big Data, DevOps, cloud computing, and cybersecurity. The main idea was to help prepare these tech leaders for challenges they face, including shepherding ongoing digital transformations, building a digital organization, and managing IT talent.

This series highlights insightful sessions from the event.

In an era where nearly every organization considers itself a technology company, cybersecurity is a top concern. What happens when private information is compromised? Keri Pearlson, executive director, MIT (IC)3, moderated the MIT CIO Symposium panel “You Were Hacked — Now What?” to discuss this issue. Speakers Andrew Stanley, chief information security officer at Philips, and James Lugabihl, director of information security at ADP, offered a series of suggestions for how to manage security breaches.

The panel also distinguished between a hack and a breach. A hack is the compromise of a host where the adversary is not trying to extract data from the organization, whereas a breach occurs when a company has actually lost control of its information. As Stanley points out, hacking is an action, while a breach is an outcome. When a breach is suspected, there are specific steps a chief information security officer (CISO) or an operational lead will take to contain the situation.

At the outset of any cybersecurity event, ask why. Knowing the context determines whether the event is significant enough to be shared with the C-suite and the board. If the matter demands escalation, it is especially important to give C-level stakeholders that context around the security breach.

When a significant breach occurs, the first thing a cybersecurity leader should do is assemble the right team. A CISO will call on a crisis management team made up of legal representatives, network scanners, penetration specialists, and others who can investigate the event. Stanley notes that the C-suite will likely want frequent status reports (as often as hourly), so the crisis management team needs to work together to set proper expectations with executives and to analyze the data it is receiving in order to provide accurate updates. It may also be necessary to contact insurers or law enforcement, depending on the situation.

The crisis management team will, of course, do many things.
