Most organizations will face a data breach at some point with a strong possibility that they’ll be costly to the business. To mitigate your potential costs and damages, it’s essential to know the steps your organization should take if a breach occurs.
Isolate Your Network
To stop the attack from spreading within your network, take your network offline and, if possible, isolate the affected servers. Change your credentials for your critical accounts and servers. If your IT team isn’t specialized in security and forensics, you may want to hire a specialist to assist in the investigation, assessment and next steps.
Assess Your Losses
What information has been compromised? Is this information retrievable? Does your organization have an uncompromised backup that you will be able to access to restore your systems? Assessing your losses is crucial as it establishes the impact on your organization and helps determine the next steps in the restoration process.
Investigate - How did the breach occur?
Finding out how the breach occurred is an important step. According to the 2015 Databarracks Data Health Check survey, the number one cause of data loss is human error. In addition, EY’s Global Information Security Survey 2015 found 44% of executives consider employees the most significant cyber security vulnerability in their organization. Opening a phishing email, downloading a corrupt file or plugging a corrupted USB into the network are common human errors that lead to successful attacks. These, however, aren’t the only ways a breach can occur; your IT team may be behind on critical patching, or your organization may be running old software. In preventing future successful attacks, your organization must understand how previous attacks were successful; this will help plan for the future.
Learn and Prepare to Do Better
Once you’ve learned how the breach occurred, you can leverage this information to improve your systems and establish a more secure network. If your breach was due to human error, take steps to reduce the likelihood of these incidents in future, such as employee training, automating processes to reduce the number of opportunities for human error and introduce new software to protect the network in case an error is made. Your organization may have to evaluate the current technologies in place and invest in more up-to-date software to ensure you’re receiving the best protection.
Hiring a service provider to manage your security is a great option for many organizations. It places your security in the hands of an expert, ensures that you’re using the best technologies and are up to date with patching and updates. A service provider also ensures that someone is monitoring your network 24/7/365 for issues.
When learning from past breaches, think about the underlying cause of the breach. Do you have a big enough IT budget? Does your organization have 500 employees but only have 1 IT staff member? Think realistically, are you allocating enough resources to protect your organization properly? Should you hire a managed service provider to assist your internal IT team or increase your IT spend?
As you learn more and improve your processes, remember to update your Data Breach Incidence Response Plan to ensure your team is following the most up-to-date version.
Work with Law Enforcement Agencies in Your Region
Depending on the laws governing your country and the type of data your organization has, you may be required to report the data breach to your local authority (Canada Centre of Cybersecurity, the Privacy Commissioner of Canada, Homeland Security (USA), Interpol Cybercrime Division (Europe), etc.). These agencies may be able to provide more information on the attack and help you retrieve your data. A good relationship with your local law enforcement agency may prove beneficial to your organization.
Speak to Your Legal Team
Your corporate data isn’t just your own. It also contains the personal information of your clients and other parties. If this data is leaked, your clients will expect an explanation, assess their damages, and possibly get ready to sue your organization. To ensure your company is ready for any situation, inform your legal team of the breach as soon as possible and pass along all information pertaining to the situation. For your legal team to respond proactively and effectively, they need to be fully aware of all details.