• What Are the Steps to Take When a Security Breach Has Been Identified?

    finalcode-admin|Nov 18, 2016

    Has your company taken the necessary measures to ensure that you and your customers are protected from malware and data breaches? Do you have a solid data breach incident management and data recovery plan? Recent evidence suggests that businesses are not adequately prepared to handle an attack­—and the potential consequences are alarming.

    The fact is data breaches can and do happen. Australia witnessed its biggest data breach to date just last month which resulted in 1.3 million compromised records. Approximately 550,000 citizens who were donating blood to the Red Cross Blood Service became victims of this data breach.

    Cybercriminals are constantly improving their skills and finding innovative ways to defeat network defences. A report published by the Australian Cyber Security Centre points how Australian organisations are fast becoming victims of these attacks.

    Another study conducted by IBM in conjunction with Ponemon Institute throws some light on the financial impact of data breaches. According to the latest study, the average cost of a data breach for businesses has reached a whopping $4 million. Healthcare breaches are even more expensive, reaching almost $355 per record. The study also reveals that one of the ways to reduce the cost of a data breach is to obtain support from a skilled incident response team. The incident response team offers proactive services such as end-user security training and incident handling. They identify vulnerable areas of the organisation, coordinate recovery, and plan effective response strategies to tackle malware, security breaches, viruses, and information theft.

    Since a data breach has both financial and reputational consequences, it’s important to know what to do when it happens.

    Steps to Take In the Event of a Security Breach
    Step 1: Don’t Waste Time, Address the Breach

    There is no point playing the blame game; instead, it’s time to find solutions. Gather your incident response team and identify the servers that have been compromised. Trace the flaws that led to the breach and put an active containment strategy in place. Install a security patch to prevent the compromised server from infecting other servers.

    To avoid further loss of data, turn affected equipment offline. Don’t turn off machines until the forensics team has had the chance to investigate. Remove all personal or confidential information that was posted on your website and contact search engine providers to make sure they haven’t archived sensitive information in error. Find out if the same personal information has been posted on other sites. If it has been posted, contact the sites and request them to remove the information immediately.

    Step 2: Test the Security Fix

    After the flaws have been identified and resolved, make sure the incident response team run penetration tests to validate the efficacy of defensive mechanisms. Penetration tests will also help to identify and block attack vectors. Have the team scrutinise server logs again and delete any files that have been compromised.

    If the entire network was affected by malicious software, use your backups or logs to bring your main servers up and running. Look for changes in the network and carefully analyse logs to get more information about the firewall, the web servers, and the domain name system. They may help you uncover the real cause of the breach. Also, tighten your patch strategy and automate it to prevent security nightmares.

    Step 3: Notify the Authorities

    Instead of immediately notifying the authorities the moment the breach has been identified, leverage your response team to stop the breach. Then compile a detailed description of the breach and include details about what happened and what actions were taken by the team. Use this to clearly communicate the facts and circumstances surrounding the breach to the authorities and qualified attorneys.

    Get in touch with the local authorities, internal and external legal experts, as well as the public relations department to disclose the nature and extent of the breach. Highly regulated industries like healthcare or financial services may have to comply with certain data breach notification laws set forth by the government.

    Step 4: Hire Skilled Lawyers

    To minimise your risk of fines, make sure you hire the right lawyers who will help you fulfil your statutory and contractual obligations. You also have a duty to notify people whose accounts have been compromised. Ask them to reset their passwords if their accounts have been hacked.

    Step 5: Send the Right Message Out to the Victims and the Public

    Embarrassing as it is, you’re obligated to notify the victims promptly so that their personal data is not used towards identity theft or any criminal activity. Since the company’s reputation hangs in the balance, it’s important to send out an affirmative message to the public. Highlight the remedial actions that have been taken.

    Beefing Up CyberSecurity
    If you have an ideal remediation plan in place, you won’t bend under these stressful circumstances. Independent research conducted by EMA revealed that more than 84% of respondents from mid-tier and large organisations in North America had moderate to no confidence in their capacity to secure files.

    Files obtained through system breach pose an ongoing threat to the business. Many organisations have, therefore, started investing in technology for stronger file encryption and data protection policies.

    Tried and tested standard encryption and usage control cryptography allow enterprises to secure files containing confidential data.

    Organisations should use a layered approach for security breach prevention. They must implement resource access controls, web filtering, and data loss prevention strategies as countermeasures for cyber security. They could also use data protection policies to encrypt all types of content. This ensures that sensitive data is only accessed by authorised personnel even when the IP address is exposed to the public.

    FinalCode implements resource access controls together with proven and standard encryption to secure data. If you want to build your business’s incident response capability and protect the security of your files, learn more about their 256-bit AES encryption, comprehensive file control, and standards-based password management system here.

Ensure File Security with FinalCode