[BreachExchange] The Best Steps in a Cyber Incident

Audrey McNeil audrey at riskbasedsecurity.com
Mon Aug 7 18:31:58 EDT 2017


https://www.infosecurity-magazine.com/opinions/best-steps-cyber-incident/

In the wake of the recent OneLogin unauthorized data access, it has become
evident that no one is safe in the cyber world. All companies are
susceptible to attacks and should be prepared to react in case of a
sensitive data breach.

Have you ever paused to consider what you would do if your company became
a victim? If you haven’t, this article is for you. After all, it is in
everyone’s interest to move through the process swiftly and thoroughly to
restore your operations and rebuild trust between you and your clients.

Round up your team

A data breach is a serious matter, and its effective resolution will hinge
on the quality of the team of experts you assemble to address the problem.
The makeup of that team will depend on the size and nature of your
business. In most cases, the people who will need to be brought into the
fold will include management, IT and legal. It is also a good idea to talk
to those who discovered the breach.

If your company is larger and the breach is extensive, it is wise to
include information security, human resources, communications, investor
relations and operations in your strategic discussions. You may also look
to bring forensic investigators on board to help trace the breach to its
source, assess its scope and assist you in forging a remediation plan.

Forensic experts supply knowledge of what evidence to collect and how to
interpret it. Furthermore, they can be helpful in outlining remediation
steps to bring your business back online. In the event of privacy exposure,
consider hiring outside legal counsel to advise you on the type of laws
implicated in the breach.

Boost your security

To avoid facing multiple compromises, it is critical that you act quickly
and secure all your systems. This may include changing access codes and
even physically locking up affected areas. For machines that are online,
it’s best to unplug them from the network but not shut them down, so that
forensic experts can trace the history of what happened. Be sure to
instruct your team not to damage any forensic evidence in their
post-compromise activity.

Have your team investigate any inappropriate postings of stolen data on
your own website as well as other public websites, and request their
removal. Contact search engines to ensure that they don’t archive personal
information posted in error. Also, determine exactly what kind of data was
compromised and how many people were affected, and have their contact
information ready.

Develop a communication plan

Being upfront with your employees and customers can save you time, money
and headaches in the long run. To be most effective, your communication
plan should address all implicated parties: customers, employees,
investors, and business partners. Avoid being misleading in your
communication and withholding details that could help people better protect
themselves.

If the breach compromised the privacy and security of individuals, bringing
media into the fold via a public relations campaign could help you reach
the people whose contact information you lack. For all others, set up a
communication channel, such as a website or a toll-free number, to keep
them informed of the case.

When speaking publicly about the breach, aim to address common questions in
plain language while avoiding sharing information that can put people at
risk. Have a trained communications team in place, designated as the point
of contact, to help disseminate intelligence about the event.

Reach out to relevant parties

To minimize the risk of identity theft, it is wise to notify your local
police or data protection regulator immediately after you discover the
breach. Depending on your legal requirements, you may also need to contact
specific government branches. Do your research to find out what exactly you
are required to disclose. The type of data stolen, financial versus health
for example, may require additional steps for you to take, such as
notifying the FTC.

If the breach affected other businesses you are partnering with, be sure to
let them know as soon as possible. To prevent access to financial
information that you do not store on your machines, contact banking and
credit institutions to make them aware of what has happened and allow them
to monitor their systems. If the theft included Social Security or National
Insurance numbers, major credit bureaus, such as Equifax and Experian, can
be of assistance.

To help individuals reduce risk, notify them as soon as you’re able so that
they can take steps to prevent identity theft. Educate them on what they
can do if their sensitive data was exposed. You may also consider offering
your clients free monitoring or identity restoration services. Work with
law enforcement and your investigative team to determine what information
to disclose and when.

Don’t let it happen again

Data breaches expose system vulnerabilities. Therefore, before closing the
case it is imperative to know what areas of the system need additional
bolstering and what precautions need to be taken to prevent a future
breach. A careful review and analysis of logs and history should reveal the
blind spots. You may also limit certain individuals’ access to sensitive
data, and review your encryption and the network segmentation meant to
prevent an infection from spreading to multiple servers.

Most importantly, make sure to choose the most appropriate hosting solution
for your data. If cybersecurity isn’t your company’s expertise, you may
want to work with an expert provider whose job is to ensure the safety of
your data.

Since cyber attacks will only become more sophisticated over time, do your
research and select an organization that has taken extra steps to fortify
its security with the best tools.