Do not freak out—Follow your plan
While unpreparedness in the face of a data breach can cause irreparable damage to a company, panic and disorganization can also be extremely detrimental. It is, therefore, critical that a breached company not stray from its incident response plan, which should include identifying the suspected cause of the incident as a first step. For example, was the breach caused by a successful ransomware attack, malware on the system, a firewall with an open port, outdated software, or unintentional insider threat? Next, isolate the effected system and eradicate the cause of the breach to ensure your system is out of danger.
Investigate and do not forget to take notes
When investigating a breach, document everything. Gathering information on an incident is critical in validating that a breach occurred, what systems and data were impacted, and how mitigation or remediation was addressed. Log results of investigations through data capture and analysis so they are available for review post-mortem. Be sure to also interview anyone involved, and carefully document their responses. Creating detailed reports with disk images, as well as details on who, what, where and when the incident occurred, will help you implement any new or missing risk mitigation or data protection measures.
Do not be afraid to ask for help
If you determine that a breach has indeed occurred following your internal investigation, bring in third-party expertise to help handle and mitigate the fallout. This includes legal counsel, outside investigators who can conduct a thorough forensic investigation, and public relations and communication experts who can create strategy and communicate to the media on your behalf. With this combined expert guidance, organizations can remain calm through the chaos identifying what vulnerabilities caused the data breach, remediating so the issue doesn’t happen again in the future, and ensuring their response to affected customers is appropriate and timely. They can also work with their legal counsel to determine if and when law enforcement should be notified.
Do not go back to the status quo
After a data breach is resolved and regular business operations resume, do not assume the same technology and plans you had in place pre-breach will be sufficient. There are gaps in your security strategy that were exploited and, even after these gaps are addressed, it doesn’t mean there won’t be more in the future. In order to take a more proactive approach to data protection moving forward, treat your data breach response plan as a living document. As individuals change roles and the organization evolves via mergers, acquisitions, etc., the plan needs to change as well. Additionally, work with your security and/or IT team to discuss investing in next generation data protection solutions, which go beyond traditional encryption to protect data at the file level. This will keep your company information safe across all workplace computing devices in both connected and disconnected modes, ensuring company data remains safe from unauthorized users—even in the event of another breach or next generation attack like malware or ransomware.
[su_box title=”About Ermis Sfakiyanudis” style=”noise” box_color=”#336588″][short_info id=’102554′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.