In the wake of the recent OneLogin data breach, it has become evident that no one is safe in the cyber world. All companies are susceptible to attacks and should be prepared to react in case of a sensitive data breach. Have you ever paused to consider what you would do if your company became a target? If you haven’t, this post is for you.
Below you will find five steps you can take to secure your business after you discover a breach. After all, it is in everyone’s interest to move through the process swiftly and thoroughly to restore your operations and rebuild trust between you and your clients.
Step #1: Round up your team
A data breach is a serious matter, and its effective resolution will hinge on the quality of the team of experts you assemble to address the problem. The makeup of that team will depend on the size and nature of your business. In most cases, the people who will need to be brought into the fold will include management, IT and legal. It is also a good idea to talk to those who discovered the breach.
If your company is larger and the breach extensive, it is wise to include in your strategic discussions information security, human resources, communications, investor relations, and operations. You may also look into bringing forensic investigators on board to help trace the breach to its source, assess its scope and assist you in forging a remediation plan.
Forensic experts supply knowledge of what evidence to collect and how to interpret it. Furthermore, they can be helpful in outlining remediation steps to bring your business back online. In the event of privacy exposure, consider hiring outside legal counsel to advise you on the type of laws implicated in the breach.
Step #2: Boost your security
To avoid facing multiple compromises, it is critical that you act quickly and secure all your systems. This may include changing access codes and even physically locking up affected areas. For machines running online, it’s best to unplug them from the network but not shut them down, so that forensic experts can trace the history of what happened. Be sure to instruct your team not to damage any forensic evidence in their post-compromise activity.
It is critical that your employees change their administrative credentials as soon as the breach is discovered. This will prevent any hacker who has gained access to such credentials from having unimpeded access to your data. If you need to access the web, consider plugging in uncontaminated machines. Make sure your IT team is closely monitoring the ingress and egress points, especially those implicated in the breach.
Have your team investigate any inappropriate postings of stolen data on your own website as well as on other public websites, and request their removal. Contact search engines to ensure that they don’t archive personal information posted in error. Also, determine exactly what kind of data was compromised and how many people were affected, and have their contact information ready.
Step #3: Develop a communications plan
Being upfront with your employees and customers can save you much time, money and headaches in the long run. To be most effective, your communication plan should address all implicated parties: customers, employees, investors, and business partners. Avoid being misleading in your communication and withholding details that could help people better protect themselves.
If the breach compromised the privacy and security of individuals, bringing media into the fold via a public relations campaign could help you reach the people whose contact information you lack. For all others, set up a communication channel, such as a website or a toll-free number, to keep them informed of the case.
When speaking publicly about the breach, aim to address common questions in plain language while avoiding sharing information that can put people at risk. Have a trained communications team in place, designated as the point of contact, to help disseminate intelligence about the event.
Step #4: Reach out to all relevant parties
To minimize the risk of identity theft, it is wise to notify your local police, or even the FBI, immediately after you discover the breach. Depending on your legal requirements, you may also need to contact specific government branches. Do your research to find out what exactly you are required to disclose. The type of data stolen, financial versus health for example, may require you to take additional steps, such as notifying the FTC.
If the breach affected other businesses you are partnering with, be sure to let them know as soon as possible. To prevent access to financial information that you do not store on your machines, contact banking and credit institutions to make them aware of what has happened and allow them to monitor their systems. If the theft included Social Security numbers, major credit bureaus, such as Equifax and Experian, can be of assistance.
To help individuals reduce risk, notify them as soon as you’re able so that they can take steps to prevent identity theft. Educate them on what they can do if their sensitive data was exposed. As a make-good, you may consider offering your clients free monitoring or an identity restoration service. Work with law enforcement and your investigative team to determine what information to disclose and when.
Step #5: Don’t let it happen again
Data breaches expose system vulnerabilities. Therefore, before closing the case it is imperative to know what areas of the system need additional bolstering and what precautions need to be taken to prevent a future breach. A careful review and analysis of logs and history should reveal the blind spots. You may also limit the access of certain individuals to sensitive data, and review your encryption and the network segmentation meant to prevent the spread of infection to multiple servers.
Most importantly, make sure to choose the most appropriate hosting solution for your data. If cyber security isn’t your company’s expertise, you may want to work with an expert provider whose job is to ensure the safety of your data. Since cyber attacks will only become more sophisticated over time, do your research and select an organization that has taken extra steps to fortify its security with the best tools.
The author is the founder and CEO of Atlantic.Net, a Managed Cloud Hosting company focused on providing valuable hosting solutions for businesses and healthcare providers, backed by world-class support.