A security breach can be a nightmare for businesses of all sizes. And while there’s a lot of information on how to avoid a breach in the first place, there isn’t always clear advice on what to do after one has already happened. From an IT perspective, a swift and calculated response will play a key role in defusing the problem and rebuilding trust.
Prevention is the Best Method
Most businesses aren’t fully aware of the consequences of a cyber attack or security breach. They know it isn’t good but don’t quite understand the full impact. Just consider the following direct and indirect consequences:
This list of consequences could be expanded to include a dozen more examples, but that’s not what this article is about. The point is that you can’t afford to have a breach in the first place. But if you do, knowing how to respond can make all the difference.
5 Steps to Take After a Breach Has Occurred
It’s easy to go into panic mode after you discover a breach. But the quicker you get out of panic mode and into action mode, the better off things will be. Here are a few steps you must take:
1. Notify Law Enforcement
Your initial desire may be to keep a lid on the breach until you can figure out a plan of action, but don’t delay the process of reacting. It’ll only compound your problems.
According to this blog post from High Risk Pay, you should “Notify law enforcement authorities of the data breach. Also, consult with state law to determine if you need to follow reporting guidelines. A business needs to follow state laws for a data breach or potentially face fines for failing to report a violation properly.”
Law enforcement is your friend in a situation like this. Sure, contacting law enforcement means you’ll have to fully disclose everything, but don’t be fooled into thinking you’d be able to keep it a secret anyway. It’s virtually impossible to do, and the consequences of not disclosing are profound.
2. Identify the Cause
Really, this is part of step one. You need to identify the cause as soon as possible to make sure you’re secure. It’s like having a leak in a fishing boat. While you need to grab a bucket and start scooping the water out, your efforts are futile if you don’t first find and plug the hole that’s causing the water to gush in.
Start by studying your system. If you can’t find any evidence that the breach was initiated by an external source, consider the fact that it may have come from the inside. “We now know that no matter how strong your IT security is and how many barriers or identification methods you impose on your people, the weakest links in the system will always be your own employees,” security expert Andra Zaharia notes. This doesn’t necessarily mean your employees are bad people, but just that they did something dumb – for example, opening an email attachment they shouldn’t have.
Consider all possible options and don’t stop until you’ve homed in on the who, what, and where. It’s sort of like playing the world’s least fun game of Clue. I think it was a foreign hacker, with access to Larry’s password, in his mother’s basement. You’re just trying to piece together an initial cause right now, but do your best to get as specific as possible. Data forensics will be called in later to fully assess the problem.
3. Secure Information
Once you have a pretty good idea of the cause, you have to start securing information so that nothing more is compromised. Using the previous example, this would mean changing Larry’s password and temporarily suspending his account. While your attention will naturally be drawn to what was already compromised in the breach, your focus really needs to be on minimizing the ongoing impact.
4. Notify Customers
Now comes the gut-wrenching part. You have to notify customers of the breach. Failure to do so is a federal crime and can result in fines and imprisonment. While you have to be thorough in order to comply with the law, only share as much information as you have to. The marketplace doesn’t need to know every little thing that’s happening behind closed doors. Not only will this hurt your brand even more, it could inadvertently give other cyber criminals information to leverage in the future.
5. Build a Stronger Security Infrastructure
The final step in your response plan is something that you can’t just check off. It’s something that will last indefinitely. You have to start building a stronger security infrastructure to prevent future incidents.
Be Prepared for Anything and Everything
We’ll say it one last time: Prevention is the best method. But when prevention doesn’t work and you’re staring down the reality of a breach that could cost your organization and brand everything it’s worked so hard to build, knowing how to respond becomes the most important asset you have.