When a business experiences a data breach, certain steps must be taken to secure the company from further attacks. Some of these steps may differ depending on the nature of the attack, such as whether any personal information has been exposed.
Secure Your Systems
After a breach, it’s essential to move quickly to fix vulnerabilities and secure your system to protect against subsequent attacks. Steps to take include:
- Go offline – immediately take any affected equipment offline, but don’t turn anything off until forensics experts have arrived
- Update all access credentials – if credentials were stolen, all passwords must be updated immediately to stave off any additional threats.
- Secure physical access points – lock up and change the access codes for commercial security doors of any physical spaces that may be related to the attack
- Assemble a breach response team – depending on the size of your organization, this may include legal, IT, HR, security personnel, forensics, management, and more.
- Conduct interviews – talk with anyone who may have information regarding the breach, particularly those who discovered it. Ensure that everyone knows where to forward any information and document it – never destroy any evidence that could be helpful to the investigation.
Ensure Any Improperly Posted Information Is Removed From The Web
Some breaches involve personal information being posted to your own or other websites, and it must be removed. Internet search engines store (cache) data, so as well as removing it from your own site, you can request that search engines delete any cached information. In addition, run a search online to see if any sensitive data has been posted on other sites and, if so, contact those sites requesting that it be taken down.
Address System Vulnerabilities
Addressing system vulnerabilities is an ongoing job in data security. After a breach, it’s essential to assess and fix the vulnerabilities that may have led to the attack. Steps to take include:
- Include any service providers in your breach response – if your system incorporates access to service providers, consider what data they have access to and, if necessary, change their authorizations. Follow up on any remedies they state they have made to ensure they are sufficient
- Conduct extensive vulnerability analysis – working alongside forensic experts, thoroughly analyze vulnerabilities and work through remedies; review access logs from the time of the attack, and verify the nature of the compromised information, who was affected, and how to contact all parties
- Assess the efficacy of your network segmentation – presuming your network is segmented to minimize attack risks, analyze how effective the segmentation was, and make alterations where necessary
- Create a communications plan – be sure to include all relevant parties in your communication plan: staff, customers, business partners, investors, and business stakeholders. Don’t publicly share any unnecessary information, but be sure to release any critical details to appropriate parties to assist them in protecting their information
Notify All Relevant Parties
Whenever a business experiences a security breach, various parties must be notified. These can include:
- Law enforcement – report the breach to your local police department without delay, highlighting any potential identity theft risks.
- Fulfill your legal requirements – each state enacts its own legislation regarding the notification of personal information security breaches. Be sure to check both state and federal regulations to determine your legal requirements and see them through. When a data breach includes the personal information of EU citizens, read about reporting a personal data breach under the GDPR.
- Notify individuals – as soon as you detect that an individual’s personal information has been breached, notify them so that they can take the necessary steps to protect themselves from further attack
- Notify affected businesses – depending on the data that has been breached, it may be necessary to inform third-party businesses (such as banking institutions in the case of credit card information being stolen), so they can monitor for any subsequent fraudulent activity. You can designate a member of staff to carry out these communications
When notifying individuals, check what to include. Typical information shared includes:
- How the breach occurred
- What data/information was stolen
- How the hackers are using the information
- What actions are being taken to remedy the situation
- Any actions being taken to protect the individual (such as credit monitoring services)
- All relevant contact information going forward to avoid subsequent scams (in other words, how the individual can know for sure it is you contacting them)
- How they can report any misuse of their information
Taking a thorough, organized approach to securing your business after a data breach can significantly reduce the risks of ongoing attacks or subsequent violations. One data breach is bad enough, but then succumbing to multiple breaches that stem from the first attack is a much bigger problem, so act quickly.