The Best Steps in a Cyber Incident

In the wake of the recent OneLogin unauthorized data access, it has become evident that no one is safe in the cyber world. All companies are susceptible to attacks and should be prepared to react in case of a sensitive data breach.

Have you ever paused to consider what you would do if your company became a victim? If you haven’t, this article is for you. After all, it is in everyone’s interest to move through the process swiftly and thoroughly to restore your operations and rebuild trust between you and your clients.

Round up your team

A data breach is a serious matter, and its effective resolution will hinge on the quality of the team of experts you assemble to address the problem. The makeup of that team will depend on the size and nature of your business. In most cases, the people who will need to be brought into the fold will include management, IT and legal. It is also a good idea to talk to those who discovered the breach.

If your company is larger and the breach is extensive, it is wise to include information security, human resources, communications, investor relations and operations in your strategic discussions. You may also look to bring forensic investigators on board to help trace the breach to its source, assess its scope and assist you in forging a remediation plan.

Forensic experts supply knowledge of what evidence to collect and how to interpret it. Furthermore, they can be helpful in outlining remediation steps to bring your business back online. In the event of privacy exposure, consider hiring outside legal counsel to advise you on the type of laws implicated in the breach.

Boost your security

To avoid multiple compromises, it is critical that you act quickly and secure all your systems. This may include changing access codes and even a physical lockup. For machines running online, it’s best to unplug them from the network but not shut them down, so that forensic experts can trace the history of what happened. Be sure to tell your team not to damage any forensic evidence in their post-compromise activity.

Have your team investigate any inappropriate postings of stolen data on your own and other public websites and request their removal. Contact search engines to ensure that they don’t archive personal information posted in error. Also, determine exactly what kind of data was compromised and how many people were affected, and have their contact information ready.

Develop a communication plan

Being upfront with your employees and customers can save you time, money and headaches in the long run. To be most effective, your communication plan should address all implicated parties: customers, employees, investors, and business partners. Avoid being misleading in your communication and withholding details that could help people better protect themselves.

If the breach compromised the privacy and security of individuals, bringing media into the fold via a public relations campaign could help you reach the people whose contact information you lack. For all others, set up a communication channel, such as a website or a toll-free number, to keep them informed of the case.

When speaking publicly about the breach, aim to address common questions in plain language while avoiding sharing information that can put people at risk. Have a trained communications team in place, designated as the point of contact, to help disseminate intelligence about the event.

Reach out to relevant parties

To minimize the risk of identity theft, it is wise to notify your local police or data protection regulator immediately after you discover the breach. Depending on your legal requirements, you may also need to contact specific government branches. Do your research to find out what exactly you are required to disclose. The type of data stolen, financial versus health for example, may require additional steps for you to take, such as notifying the FTC.

If the breach affected other businesses you are partnering with, be sure to let them know as soon as possible. To prevent access to financial information that you do not store on your machines, contact banking and credit institutions to make them aware of what has happened and allow them to monitor their systems. If the theft included Social Security or National Insurance numbers, major credit bureaus, such as Equifax and Experian, can be of assistance.

To help individuals reduce risk, notify them as soon as you’re able so that they can take steps to prevent identity theft. Educate them on what they can do if their sensitive data was exposed. You may also consider offering your clients a free monitoring or identity restoration service. Work with law enforcement and your investigative team to determine what information to disclose and when.

Don’t let it happen again

Data breaches expose system vulnerabilities. Therefore, before closing the case, it is imperative to know what areas of the system need additional bolstering and what precautions need to be taken to prevent a future breach. A careful review and analysis of logs and history should reveal the blind spots. You may also limit certain individuals’ access to sensitive data, and take a look at your encryption and at the network segmentation meant to prevent the spread of infection to multiple servers.

Most importantly, make sure to choose the most appropriate hosting solution for your data. If cybersecurity isn’t your company’s expertise, you may want to work with an expert provider whose job is to ensure the safety of your data.

Since cyber attacks will only become more sophisticated over time, do your research and select an organization that has taken extra steps to fortify their security with the best tools.
