Do You Know What To Do When You Have A Security Breach?
Varonis found that in the first half of 2019 alone, 4.1 BILLION records were exposed in security breaches. To make matters worse, IBM found that the average time to identify a breach was 206 days last year. That’s a lot of time for hackers to lurk on the network – gathering confidential information belonging to you and your customers. So what defines a security breach? Essentially, a security breach refers to any violation of protective measures (or lack thereof) wherein a cybercriminal manages to gain access to:
- Credit card information
- Social security numbers
- Corporate information
- Trade secrets
- Personally identifiable information
- Protected health information
- And other types of confidential data
Steps to take after discovering a security breach
Some breaches happen unintentionally due to human error, such as an employee leaving a laptop on the bus or at a hotel. Some breaches occur due to an intruder infiltrating the network and stealing sensitive information. Sometimes you catch the security breach right away. Other times, it takes days or months before you notice something is seriously wrong. Regardless of what happened, what do you do starting from the moment you’ve discovered the security breach onwards?
Assess the situation
Take a moment to assess the situation calmly. If you have a technology partner or internal technology resource, this is a great time to call them and see what they can gather from their cybersecurity technologies. An incident response plan can be invaluable here because you’ll have a clear guideline to follow, but if you don’t have this, you need to focus on understanding the scope of the security breach. Determine the following: what information has been disclosed, what systems are affected, and how did this happen?
Think about legal and ethical obligations
Next up, think about your legal and ethical obligations and act accordingly. Do you have industry-specific regulations you’re required to comply with? If so, then you likely only have a limited amount of time to alert your affected customers and employees and the proper authorities. Don’t rush this process, but be aware of the legal and ethical obligations you have. In many cases, companies that act too quickly and alert everyone right away pay more per breached record than those that don’t. You don’t want to worry about retracting false information later on.
Assemble a team to handle the aftermath
Ideally, your team should consist of one or two key people on the management team, as well as your technology partner or internal technology resources. They will handle the aftermath – from reporting the breach and responding to media and customers to putting steps into place to prevent another breach from occurring in the future. Once you’ve done so, it’s time to look at what went wrong and how to fix it. Do you need additional cybersecurity tools like network and endpoint protection? Do you need to train staff members on proper protocols? Or maybe you simply need a mobile device management solution?
Your best bet is being honest with your customers and yourself in situations like this. We all make mistakes, and naturally, most consumers expect us to be on top of things like cybersecurity. If you weren’t on top of it, fess up and do better next time. If you were, explain why the security breach happened despite your efforts. Here are a few tips to prevent a security breach in the future:
- Implement an incident response plan that outlines the steps necessary to respond to a security breach, including who to call to recover equipment, who will communicate with customers and the media, and what legal and ethical obligations you have.
- Train your staff on best practices, including how to detect and respond to threats, proper password protocols, and overall, keep them up-to-date on everything they need to know.
- Deploy state-of-the-art cybersecurity technologies such as firewalls, anti-virus software, intrusion detection prevention, anti-spam filtering, and more to keep your network and endpoints safe.
- Use a SIEM tool that logs data and information to help you establish what happened during any given security breach. This will provide insight into areas for improvement and help you tell the entire truth upon discovery.
Not sure where to start? On-Site Computers Inc. has been working with businesses throughout Minnesota since 1997. We have a team of cybersecurity experts well-versed in implementing solutions that prevent a security breach from occurring in the first place. We’re also able to help you implement an incident response plan, data backup, and disaster recovery plan, state-of-the-art cybersecurity technologies, and ultimately, everything you need in today’s evolving world of threats.
Call On-Site Computers Inc. at 507-754-5548 to Work with Our Team of Minnesota Cybersecurity Experts Now.
Mike Bowe | Published on June 17, 2020