What to do after a data breach?


Be prepared.

A data breach could happen to any company, at any time, so having a plan of action is the best tactic. It’s sad to say that these breaches continue to happen year after year, with no decrease in the severity of their impact on consumers. Most companies won’t even realize that they were breached until the attackers go public with the outcome. Some companies may find that their hard drives are corrupted after an attack and look to a recovery service similar to DriveSavers to help recover any data they may have lost.

The most important part of preparedness is the ability to detect a breach. We’re always thinking defensively and layering up controls that place defense at different locations, but we rarely put in place a dedicated monitoring solution that can look at everything and identify anomalous activity.

Here is a recommended six-point plan when dealing with incident response, including preparation, identification, containment, eradication, recovery, and lessons learned.

Identification: Identify what happened and understand how the attackers got in, or how the data got out. Most importantly, make sure nothing else is still leaking from your database. Knowing your situation and position is the first step. While you’re sorting out and organizing your data, you may also want to consider implementing a data validation solution to ensure the quality of your data is satisfactory when you choose to analyze it for insights.

Containment: Make sure the attackers are out. Ensure that nothing is leaving the business. Lock down the instance to ensure you understand what went wrong and how to prevent it from happening again.

Eradication: Now is the time to deal with the issues and focus on removing and restoring the affected systems. Here is where you want to completely reimage the system’s hard drive and scan affected systems and files with anti-malware software. A VPN (virtual private network) could be implemented to further protect the updated systems. Reading different VPN reviews for Canada can highlight which services are on offer and what’s appropriate for the business. A VPN works by encrypting data connections, which in turn protects the organization’s sensitive data as it travels over those connections.

Employee training: Always make sure your employees are informed and they know what has happened. It could have been due to an employee action and could be prevented next time.

Communication: To keep up with a secure culture, you’ll need to get everyone on the same page when it comes to external communications. Your business’s IT policy should include no tweeting or updates on company matters, and at the time of an IT issue, you should stress the need for silence.

Lessons learned: Understand what went wrong and make sure that you have the best tactics to prevent reoccurrence.

Give us a call at 949-235-8743 for more information on this subject. We are here to help.