By: Alicia Hernandez, Think Technical Writer.
With all of these massive data breaches happening within some of the largest companies in the world, I cannot help but think it is only a matter of time before something happens within my company. I’m sure you have the same fear too…and if you don’t, you should! Think about it. Those large companies have all the money in the world at their disposal to throw at a secure, compliant, over-the-top infrastructure to protect their customers’ data. And yet, they still get breached. Maybe there’s no easy answer as to what to do to avoid an attack, but here are some tips on surviving one.
Nowadays mobility is a driving factor in the success of our business, but it is also opening up more holes for the bad guys to get in. Cisco refers to this as the “any-to-any challenge [in which] people work inside and outside the network on any device, accessing any application and in multiple clouds” (p. 2, 2014). Attackers are exploiting every vulnerability possible, and are far more patient than we would expect. The recent Anthem breach reportedly happened over the course of 6+ months, until finally the attacker was able to compromise the account of a Database Administrator for the company, which gave them the keys to the kingdom.
Your reaction and response to a breach can be the difference between closing your business doors for good and saving your reputation and being able to continue on with your customers’ trust. For a more thorough guide, I recommend the Online Trust Alliance 2015 Data Protection & Breach Readiness Guide, along with more great information on their website https://otalliance.org.
Whatever you do, don’t try to cover up your breach! Communicate promptly and truthfully with your customers – whether you know the extent of the breach or are still investigating, tell them. Then, implement your incident response plan – if you don’t have one, you need one.
Contain your problem! Clean up the systems and cut the access of the attacker. DO NOT DESTROY ANY EVIDENCE!
Fix your problem! Take your time and do it right the first time. There is nothing worse than trying to rush back into being open for business and finding that you are still compromised.
Recover! Utilizing your disaster recovery plans (that you now have after reading our December article on DR), restore your systems and data and reopen for business.
Utilize Your Resources
Vendors, security consultants, and tools are out there to help you. Be willing to spend the money in order to save your business! It will not be cheap, but it will be worth it. They will also help you identify the necessary facts, documentation, and event logs that will be crucial to the investigation.
There is no way around it: there will be legal implications following a data breach. According to Network World, lawyers will help with notice issues, working with law enforcement agencies, investigations, and other policies and procedures for reporting the incident that are governed by either the state or the industry.
Notify your insurance agent immediately. Remember that documentation will be vital to your investigation and your claim, including documentation on the cost of the remediation.
Do not be fooled. Be prepared. The size of your business does not exclude you from the masterful hands of the attackers. Data – anyone’s data – has a hefty price tag attached to it. Your secured systems are always at risk and sometimes there’s no stopping the bad guys, so the best thing you can do is be prepared for a breach.