The 10 Critical Steps to Take After a Data Security Breach
How can a company survive a data breach?
Although security breaches have been hitting companies for years, and influential names in the IT industry have warned that the trend will only continue, few organizations acted on the warnings. Worse, many corporations simply hid behind a "this won't happen to me" belief.
That is why security analysts are now taking a fresh look at the problem and saying plainly that a breach will happen to you: it is not a question of IF, but only of WHEN.
So we really need to be ready for it. If it makes things easier to accept, think of it like the weather: it will rain, and though we don't know when, it will. And you will get wet.
To see how serious this is for the online industry, we don't need to look far back into the past. Last year's events alone show that data security breaches have reached a level never encountered before.
Who could have foreseen the massive Sony Pictures hack and the sheer volume of data taken, from unreleased movies to personal details and embarrassing internal correspondence? And let's not forget that, in the end, the United States officially accused North Korea of the attack.
Are we in a movie now, or is this really happening?
Surviving a data security breach
Ok, so you discover your company has been the victim of a data breach. What now? What needs to be done?
The very first thing to do is breathe and not panic. Maybe your breach is not on the scale of the Sony hack or the iCloud celebrity photo leak. Maybe what the criminals retrieved is not sensitive information for your company, or personal details that will affect your employees or your company's fabulous destiny.
So, just take it easy and follow the steps below:
1. Kill them all! Or just evaluate the losses.
This is like a battle: as soon as it ends, you start doing the math. What exactly has been lost? What did the enemy manage to take?
Is that information vital to the company's future? Did they obtain credentials for the servers and online accounts where valuable data is kept?
Or maybe, just maybe, they also reached embarrassing internal stories about your company, as happened in the Sony hack?
Either way, this is the first step you need to take, and it matters. If you don't have an IT department that can handle this, hire a professional incident-response team, as Sony did.
2. Burn the fields! Or just isolate your network for some time.
Even before you know exactly what the criminals took, change the credentials for the important online accounts and servers that hold your data as quickly as possible, and take offline or isolate, where possible, the servers, machines and parts of the network that hold the important material. Isolate rather than wipe or reinstall: the disk contents, memory and logs of a compromised machine are the evidence you will need in the next steps, and re-imaging it destroys them. Rotate credentials from a machine you trust, not from the compromised one; if the attacker still has a foothold there, they will watch the new passwords go in.
I know, it's hard to imagine stopping systems for a while, or cutting off some employees, because really, what will they do without Facebook all day? But seriously, just do it; you may even give some employees a few days off until you figure out what exactly happened and how large the breach is.
And since we are talking about your employees, this leads to the next step, which could shed some light on the whole matter.
3. How did the breach occur? Suspect the human element.
What is your system’s weakest link?
We now know that no matter how strong your IT security is and how many barriers or authentication methods you impose, the weakest link in the system will always be your own employees.
That is hard to deal with because people are people. If they receive an e-mail with a link or an attachment, who can tell whether they will click the link or open the attachment?
That one small action can download and run a malicious installer on the system and give remote criminals access.
A simple click and hell's gates are opened.
Therefore, try to find out from which person or which system the breach spread through the network. Oh, and try not to kill any employees in the process!
4. Are your employees happy?
This is another element we need to look at. It's ugly, but someone has to do it.
We know, as a boss it's not easy to keep everybody happy. They always seem to want something from you: little things like more money, paid vacations, team building (drinking) events or various trainings for God knows what. Or some of them simply want to see the world and work for you from Asia. People are crazy!
Sometimes they are unhappy with their colleagues, the elevators or even the weather. Who can understand your employees? The answer is: nobody!
Nevertheless, you need to take this step and check which employees were most likely to look the other way while a breach occurred, or to collaborate with cyber-criminals. A discontented individual can do a lot of harm to your company if he or she really chooses to.
From our "extensive experience" with angry and discontented employees, we can tell you that it usually comes down to money. So start there and see who hasn't received a raise for some time; they usually make some noise about it, so their managers should know who they are. A grievance alone proves nothing, though: before you accuse anyone, check the access and authentication logs for what that person's account actually did, and whether it did it from their usual machine and at their usual hours.
5. Learn from the security breach and prepare for next time.
Did you manage to discover where and how the breach occurred? Good, then learn from it and don't repeat the error in the future. You may think that once the perpetrators have been revealed, or the breach has been disclosed, the danger has simply disappeared. Well, no.
In today's threat landscape, the cyber-criminals who play with our systems and target large organizations are difficult to apprehend and bring to justice.
Since the online sphere has no physical limits, national borders, state laws and international treaties either do not apply or are difficult to enforce. A phishing campaign or attack that originated on the other side of the world is hard to trace back to the real criminals.
For this reason, we cannot rely on official action by our government to bring criminals to justice. Take the Sony hack: the American authorities named North Korea as the operator, but in practice there is little they can do about it. So this will not help you very much.
If we want Internet freedom and all its benefits, we need to acknowledge that this complete online liberty also has its negative aspects.
6. Train your employees.
As some companies have shown, training your employees and preparing them for phishing attempts and privacy breaches is part of your responsibility. Since it happened once, who can say it won't happen again? So start training your employees and test them from time to time, for instance with simulated phishing e-mails, to make sure they are aware of online dangers.
Usually the average employee does not seem to care much if a large privacy breach affects the company, but if cyber-criminals manage to retrieve information such as their salary grid or embarrassing personal details, that affects them directly, and they might start caring more about their online actions.
So start teaching them what can happen and, above all, how it can affect them personally.
7. Collaborate with law enforcement agencies in your country.
If a major data breach has occurred, you need to contact the authorities and inform them.
If you are in the USA or Europe, there are well-known bodies that handle these cases: in the United States the FBI (which takes reports through its Internet Crime Complaint Center, IC3), the Secret Service and the Department of Homeland Security's US-CERT; in the EU, Europol's European Cybercrime Centre (EC3) alongside the national police cybercrime units of the member states. In any case, most countries have a unit built to address these cyber-threats.
If you contact them, they may already know the main actors in this game and be able to tie your case to others they are tracking.
Give them full support and don't hold anything back, because the information stolen from you may soon appear for sale on underground forums that the authorities monitor, and that could lead them to whoever attacked your company's network.
Important: once the collaboration ends, keep the contacts you established, because it is quite probable that you will need them again. Maybe with a desperate phone call in the middle of the night.
8. Watch your back from legal issues.
Your data has been stolen, but as you already know, it's not only your data. In such an attack, data from multiple sources is usually taken: your customers' information, your business partners' details, or cardholder data belonging to the credit-card companies.
And the "nice" thing about all this is that each of them can sue you for not taking care of the information they entrusted to you. Many jurisdictions also have breach-notification laws that require you to inform affected customers and regulators within a set time. So the initial security breach becomes something bigger that you can hardly control.
For this reason, as soon as you know you have a problem, call the legal department and tell them everything. They know what to do.
9. Check your backups and logs.
Any decent IT department keeps backups of its main servers that allow a fast recovery if the system is hit by malicious software, or if an "intelligent" update manages to bring down the entire network, as sometimes happens. Before restoring from a backup, make sure it predates the intrusion, or you will restore the attacker's foothold along with your data.
Logs serve a different purpose: admins can compare the state of the network before and after the breach. The firewall, domain name system (DNS), web server and authentication logs, and other security events, can point to how the network was breached and from which machine the attack spread.
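To make steps 3 and 9 concrete, here is an added example that is not code from the original article: a small Python script that scans two constructed log excerpts, an Apache-style web access log and a Linux auth.log, for the events a responder looks at first, and merges them into one timeline so the earliest suspicious event, the likely entry point, stands out. The host name, addresses, thresholds and the year 2015 are all assumptions.

```python
"""Breach-window timeline from log samples (added example, not the article's code).

Two constructed log excerpts are scanned for events a responder would look
at first, then merged into one time-ordered list so the earliest suspicious
event, the likely entry point, stands out. Thresholds and year are assumed.
"""
import re
from datetime import datetime, timezone

# Constructed sample (not real traffic): Apache "combined" access log.
WEB_LOG = """\
203.0.113.7 - - [10/Feb/2015:01:12:03 +0000] "GET /login HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2015:01:12:09 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Feb/2015:01:40:11 +0000] "GET /admin/export?table=customers HTTP/1.1" 200 48273910 "-" "python-requests/2.5.1"
198.51.100.23 - - [10/Feb/2015:01:41:02 +0000] "GET /admin/export?table=users HTTP/1.1" 200 9112384 "-" "python-requests/2.5.1"
192.0.2.50 - - [10/Feb/2015:08:05:44 +0000] "GET /index.html HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
"""

# Constructed sample (not from a real host): Linux /var/log/auth.log.
AUTH_LOG = """\
Feb 10 00:58:12 web01 sshd[2231]: Failed password for root from 198.51.100.23 port 41022 ssh2
Feb 10 00:58:15 web01 sshd[2231]: Failed password for root from 198.51.100.23 port 41022 ssh2
Feb 10 00:58:19 web01 sshd[2240]: Accepted password for deploy from 198.51.100.23 port 41030 ssh2
Feb 10 01:02:41 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/sbin/useradd -m -G sudo svc_backup
Feb 10 09:15:00 web01 sshd[3102]: Accepted publickey for alice from 192.0.2.50 port 51234 ssh2
"""

WEB_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)
AUTH_RE = re.compile(
    r'^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) '
    r'(?P<proc>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$'
)

BULK_BYTES = 1_000_000      # assumed: a response this large from /admin is a bulk export
ADMIN_PREFIX = "/admin"     # assumed: paths only staff should touch
ACCOUNT_CMDS = ("useradd", "usermod", "adduser", "visudo")


def parse_web(log):
    """Flag bulk downloads and non-browser clients on admin paths."""
    events = []
    for line in log.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        size = 0 if m["size"] == "-" else int(m["size"])
        reasons = []
        if m["path"].startswith(ADMIN_PREFIX):
            if size >= BULK_BYTES:
                reasons.append(f"bulk download of {size} bytes from {m['path']}")
            if not m["ua"].startswith("Mozilla/"):
                reasons.append(f"admin path requested by non-browser client {m['ua']!r}")
        if reasons:
            events.append({"ts": ts, "source": "web", "actor": m["ip"],
                           "reason": "; ".join(reasons)})
    return events


def parse_auth(log, year):
    """Flag logins that follow failed attempts from the same address, and
    root-level account changes. syslog stamps carry no year, so the caller
    supplies one (assumed UTC)."""
    events = []
    failed = {}  # source IP -> failed logins seen so far
    for line in log.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)
        msg = m["msg"]
        fm = re.search(r"Failed password for (?:invalid user )?\S+ from (\S+)", msg)
        if fm:
            failed[fm[1]] = failed.get(fm[1], 0) + 1
            continue
        am = re.search(r"Accepted (\w+) for (\S+) from (\S+)", msg)
        if am and failed.get(am[3], 0):
            events.append({"ts": ts, "source": "auth", "actor": f"{am[2]}@{am[3]}",
                           "reason": f"ssh {am[1]} login after {failed[am[3]]} "
                                     f"failed attempts from same address"})
            continue
        sm = re.search(r"^\s*(\S+) : .*USER=root ; COMMAND=(.*)$", msg)
        if sm and any(re.search(rf"\b{c}\b", sm[2]) for c in ACCOUNT_CMDS):
            events.append({"ts": ts, "source": "auth", "actor": sm[1],
                           "reason": f"root account change: {sm[2]}"})
    return events


def build_timeline(web_log=WEB_LOG, auth_log=AUTH_LOG, year=2015):
    """Merge both sources into one time-ordered list of suspicious events."""
    return sorted(parse_web(web_log) + parse_auth(auth_log, year), key=lambda e: e["ts"])


def first_suspicious(timeline):
    """Earliest flagged event: where to start looking for the entry point."""
    return timeline[0] if timeline else None


if __name__ == "__main__":
    for e in build_timeline():
        print(e["ts"].isoformat(), e["source"], e["actor"], "-", e["reason"])
```

Run as a script, it prints the merged timeline: two failed root logins followed by an accepted password login from the same address, then a root-level useradd, all of which precede the bulk exports from /admin by about forty minutes. That ordering is the before-and-after comparison the step describes, and it turns the vague "how did they get in?" into a specific question: what happened on web01 at 00:58? In a real investigation the inline samples are replaced by the firewall, DNS and web-server logs the article mentions, and the rules are extended, but the merge-and-sort is the same.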
10. How well established and funded is your IT department?
Ok, we have had a breach, we have found the causes, we know what has been lost and we want to prevent it from happening again.
But some people in the organization may blame the poor security imposed by the IT department. Before letting IT take the blame, think about it a bit.
How big is your company and how big is your IT department?
If you have a 10,000-person company and only three people in the IT department, then the blame lies somewhere else.
How much do you invest in your IT department? When was the last time your company had an independent check of its network security? If that happened, did you act on the conclusions?
We know: you have a security breach that damaged your image in the press, you lost money and probably some trust from shareholders and investors, and you may have to deal with legal issues. But until you invest in your own IT department and take care of your security, things will not get better.
As we said at the beginning, security attacks and phishing campaigns are nothing new for companies, but only in recent years have they reached this level of sophistication, which is why most security analysts say a company must prepare for such an event if it wants to keep its business and its reputation in the online industry.
What makes security breaches worse is that the retrieved data is exposed to the world, which leaves people in the awkward position of not knowing whom to judge: the cyber-thieves, or the people whose private information was revealed?
Maybe you are still in doubt about all this and think it won't happen to your company, but just in case it does, we recommend keeping this little article close by.
These are just some ideas we think could help if a data security breach hits your company, but since breaches come in many forms, the solutions sometimes differ. So please share your knowledge with us.
Did your company have to face a data security breach? How did you recover?
This post was originally published by Aurelian Neagu in February 2015.