[BreachExchange] 5 key steps you need to take if you have a data breach

Audrey McNeil audrey at riskbasedsecurity.com
Thu Aug 31 19:52:34 EDT 2017


https://readwrite.com/2017/08/29/steps-can-take-event-data-breach-dl1/

In the wake of the recent OneLogin data breach, it becomes evident that no
one is safe in the cyber world. All companies are susceptible to attacks
and should be prepared to react in case of a sensitive data breach. Have
you ever paused to consider what you would do if your company became a
target? If you haven’t, this post is for you.

Below you will find five steps you can take to secure your business after
you discover a breach. After all, it is in everyone’s interest to move
through the process swiftly and thoroughly to restore your operations and
bring forth a restored sense of trust between you and your clients.

Step #1: Round up your team

A data breach is a serious matter and its effective resolution will hinge on
the quality of the team of experts you’ll assemble to address the problem.
This will depend on the size and nature of your business. In most cases,
the people who will need to be brought into the fold will include
management, IT and legal. It is also a good idea to talk to those who
discovered the breach.

If your company is larger and the breach extensive, it is wise to include
in your strategic discussions information security, human resources,
communications, investor relations, and operations. You may also look into
bringing forensic investigators on board to help trace the breach to its
source, assess its scope and assist you in forging a remediation plan.

Forensic experts supply knowledge of what evidence to collect and how to
interpret it. Furthermore, they can be helpful in outlining remediation
steps to bring your business back online. In the event of privacy exposure,
consider hiring outside legal counsel to advise you on the type of laws
implicated in the breach.

Step #2: Boost your security

To prevent having to face multiple compromises, it is critical that you act
quickly and secure all your systems. This may include changing access codes
and even a physical lock up. For machines running online, it’s best to
unplug them from the network but not shut them down to allow forensic
experts to trace the history of what happened. Be sure to inform your team
to not damage any forensic evidence in their post-compromise activity.

It is critical that your employees change their administrative credentials
as soon as the breach is discovered. This will prevent any hacker who has
gained access to such credentials from having unimpeded access to your
data. If you need to access the web, consider plugging in uncontaminated
machines. Make sure your IT team is closely monitoring the ingress and
egress points, especially those implicated in the breach.

Have your team investigate any inappropriate postings of stolen data on
your own as well as other public websites and request their removal. Contact
search engines to ensure that they don’t archive personal information
posted in error. Also, determine exactly what kind of data was compromised
and how many people were affected, and have their contact information ready.

Step #3: Develop a communications plan

Being upfront with your employees and customers can save you much time,
money and headaches in the long run. To be most effective, your
communication plan should address all implicated parties: customers,
employees, investors, and business partners. Avoid being misleading in your
communication and withholding details that could help people better protect
themselves.

If the breach compromised the privacy and security of individuals, bringing
media into the fold via a public relations campaign could help you reach
the people whose contact information you lack. For all others, set up a
communication channel, such as a website or a toll-free number, to keep
them informed of the case.

When speaking publicly about the breach, aim to address common questions in
plain language while avoiding sharing information that can put people at
risk. Have a trained communications team in place, designated as the point of
contact, to help disseminate intelligence about the event.

Step #4: Reach out to all relevant parties

To minimize the risk of identity theft, it is wise to notify your local
police, or even the FBI, immediately after you discover the breach. Depending
on your legal requirements, you may also need to contact specific
government branches. Do your research to find out what exactly you are
required to disclose. The type of data stolen, financial versus health for
example, may require additional steps for you to take, such as notifying
the FTC.

If the breach affected other businesses you are partnering with, be sure to
let them know as soon as possible. To prevent access to financial
information that you do not store on your machines, contact banking and
credit institutions to make them aware of what has happened and allow them
to monitor their systems. If the theft included Social Security numbers,
major credit bureaus, such as Equifax and Experian, can be of assistance.

To help individuals reduce risk, notify them as soon as you’re able so that
they can take steps to prevent identity theft. Educate them on what they
can do if their sensitive data was exposed. As a make-good, you may
consider offering your clients free monitoring or identity restoration
service. Work with law enforcement and your investigative team to
determine what information to disclose and when.

Step #5: Don’t let it happen again

Data breaches expose system vulnerabilities. Therefore, before closing the
case it is imperative to know what areas of the system need additional
bolstering and what precautions need to be taken to prevent a future
breach. A careful review and analysis of logs and history should reveal the
blind spots. You may also limit access of certain individuals to sensitive
data, and take a look at your encryption and network segmentation meant to
prevent the spread of infection to multiple servers.

Most importantly, make sure to choose the most appropriate hosting solution
for your data. If cyber security isn’t your company’s expertise, you may
want to work with an expert provider whose job is to ensure the safety of
your data. Since cyber attacks will only become more sophisticated over
time, do your research and select an organization that has taken extra
steps to fortify their security with the best tools