No one likes to admit the walls have come down. But sometimes, cyber criminals manage to pave their way through your cyber security defenses, no matter how far you’ve gone to fortify them. Panicking is the natural reaction, but it won’t do you any good (nor will trying to cover it up).
Learn how to properly handle a cyber security breach in 5 easy steps.
Step 1: Put together a team
Ideally, you should already have a plan in place. Now is not the time to play the blame game. Focus on making decisions and making them quickly. Call the crucial staff members and your IT force, and involve the PR personnel so that communication with customers runs swiftly.
If you believe that litigation could follow as a result of the breach, do not hesitate to get the legal team involved as well.
Step 2: Contain the danger
Find out where the bad guys (hackers) have broken in and contain the source of the breach. If they’ve taken advantage of a vulnerability, install a patch. Then, reset all the passwords while making sure that none of them gets reused. If you’re not sure whether a particular machine should be connecting to the network, it’s best to disconnect it.
Step 3: Find out what’s going on
During this stage of your action plan, assessing the state of the damage is of crucial importance. If you believe data has been stolen, determining this is not enough – you need to know exactly what you’re dealing with and deal with the situation appropriately.
If the data could cause some real havoc in case it ends up falling into the wrong hands, pinpoint who would suffer as a result of it and how severe it would be.
For example, exposing someone’s medical records could lead to an invasion of privacy, while exposing someone’s credit card data may lead to emptying someone’s bank account.
Step 4: Get people notified
Depending on where you live and the local governing laws, notifying those who you believe to be affected by this could be mandatory. Even if this is not the case, you have a moral responsibility to inform the victims so they can mitigate the damage (they can, in turn, notify their banks to cancel the card, etc.). Of course, it’s appropriate to notify any third parties you deem necessary. VERY IMPORTANT
Step 5: Make sure nothing like this ever happens again
Although there is no such thing as being 100% secure in the world of cyber security, there are certain steps you can take to protect yourself. For example, don’t shy away from hiring a cyber security expert or cyber forensics investigator if you don’t feel your knowledge matches up to the task.
Then, ask yourself whether there are any vulnerabilities still present in your systems and don’t hesitate to patch them up.
If there’s something important you’ve learned, check that your staff members are on the same level (and don’t hesitate to pay for their education if they are not).
Finally, check the terms and privacy policies of any third parties you are collaborating with and make sure that people’s personal information is protected should things go awry.
It is good practice to engage your team in “threat hunting and penetration testing” to look for threats and vulnerabilities in the organization’s IT environment. Cyber attacks can happen at any time, and your goal is to prevent them or be ready to contain them once they happen.
The key takeaways from this article are: 1) set up an effective action plan with respect to cyber security; 2) follow the five steps above when responding to a cyber breach.