Security breaches are a big concern for companies, but many do not know how to properly handle them. In this blog, we will be discussing simple, but immediate actions to take if there is any suspicion of a breach in security. First and foremost, it is crucial to stay calm. Taking actions like contacting legal counsel as well as your Insurance Carrier (if a Cyber Liability Policy is in place), NOT deleting information, identifying exactly which devices and content have been breached, figuring out where the IP address of the breach came from, changing all passwords and seeking aid from a consulting company are necessary in case of a breach. Below is an in-depth breakdown on how to properly execute each of these actions.
Do NOT delete important information
According to CIO, deleting important information is one of the first steps needed to take in case of a security breach. Although this seems like a quick way to limit your risk, in the eyes of the court you could be guilty of spoliation evidence. Furthermore if there are compliance and notifications requirements you will need to know what data was (or was potentially) accessed by the attacker in order to create notification lists. If you think deleting data is ideal, it would be better to take the system offline until it can be properly preserved before you take any harmful actions.
Identify breached devices
Identifying each individual device such as computers, tablets and phones used by anyone in the company should be thoroughly checked for viruses to eliminate any risk in security. Each device that is deemed at risk of having a virus or that has had a virus in the past should avoid being used until the device/problem is successfully resolved by a specialist and any pertinent evidence is preserved.
Track IP addresses
According to Turbofuture, it is very important to track the IP addresses via web analytics to better determine if all the accounts are being logged into by people associated with the company. Many experts tend to agree that foreign IP addresses accessing company-associated accounts can confirm suspicions of a security breach. Once foreign IP addresses are identified, it is necessary to block them from logging into any company or employee associated accounts. Furthermore, by having these logs in place, if a forensic team is brought in, they will have evidence to analyze.
Change passwords
After a threat is suspected and all the above steps have been completed, everyone in the company should change all their passwords to prevent hackers from having continued access to company intel. This includes company associated accounts, personal social media accounts, bank accounts and other personal accounts used by anyone working for the company. If a hacker was able to steal assets, it is imperative to notify your bank or credit card company immediately and cancel any cards associated with the theft. Additionally credentials should not be re-used between any accounts that belong to you.
Find an expert
Seeking council/aid from a security company that has extensive experience dealing with breaches is the best way to prevent future issues. It is essential to know if your company has been breached, then hiring experts that specializes in cyber security to help solve the problem. Obtaining assistance from seasoned professionals can be the difference between having another security breach or establishing digital security for your company.
For more information or concerns with security breaches, contact us today! Call (267)-540-3337 or email us at Info@dfdrconsulting.com. At DFDR Consulting, we offer a series of penetration tests that we use to determine the strength of a company’s security. Our experts check to see which areas of your security are weak and vulnerable. From there, we are able to take evasive action and make changes accordingly to prevent future breaches!