An unfortunate truth is that data loss, hacks or cyber breaches sometimes happen even if you have already built a robust cyber defense strategy for your business. Even the largest companies in the world with some of the most comprehensive cybersecurity systems and measures in place occasionally experience them.
Of course, hackers and cybercriminals don’t spare medium and smaller-sized organizations. So, what if it happens to you? What would, or rather should you do in the aftermath of a cyber-breach?
Just like the sustainable best practices that you’ve implemented to lessen your business’ impact on the environment, you can also execute guidelines and procedures to soften the blow and limit the damage of data breaches. This is what we aim to help you with today, as well as share what not to do after a breach, or how to find out if your business has been hacked in the first place!
So Your Business has been Breached…Now What?
1. Contain the Attack
You may believe the best course of action is to get rid of all your technology outright if it’s infected with malware, but preserving evidence is essential for determining how the breach occurred and who was involved. Following a data breach, the first step is to discover which servers or devices have been hacked and isolate them as rapidly as possible so the infection does not spread to additional servers or devices.
The following are some immediate things you can do:
- Disable remote access
- Disconnect from the internet
- Install any pending security patches or updates
- Change affected or vulnerable passwords ASAP. Make each account’s password unique and strong, and don’t reuse passwords across multiple accounts.
Should a data breach occur again in the future, doing these things can reduce the damage it will cause.
2. Determine the Source and the Scope of the Breach
Ideally, your business should have Intrusion Detection and/or Prevention systems (IDS and IPS) in place to automatically log security incidents.
You can use these logs to find out where the breach originated, which files were accessed, and what actions the intruder took. The steps that follow depend on this information. If your network doesn’t have IDS/IPS, obtaining this information will take much more time and effort from your IT staff.
If you’re having trouble pinpointing the source and scope of the breach, it could be worth engaging a trained cyber specialist or Managed Security Service Provider (MSSP) to assist you in securing your business in the future.
You’ll also need to figure out who was affected by the breach, including your employees, clients or third-party vendors. To determine the data breach’s severity, take note of what information was accessed or targeted, such as birthdays, postal addresses, email accounts, and credit card numbers.
3. Contact Your Trusted IT Advisor to Assist with the Breach
As technology rapidly evolves and information is passed around so quickly, every company should have a trusted IT advisor or managed IT services provider (MSP) responsible for resolving crises like data breaches. Assemble your business’ task force team ASAP to deal with the breach.
The particular actions you’ll need to take will depend on the severity of the breach. Still, experts advise storing a disk image or copy of the impacted servers, taken at the time of the incident, for legal reasons.
4. Put Your Security Strategy to the Test
Test any short-term security fix you put in place to ensure the attacker can’t use the same method to target your business again.
To ensure that the vulnerability does not exist elsewhere, run penetration testing on all of your company’s servers and virtual machines. These are typically the most susceptible tech areas where data breaches occur. Your previous weakness and any additional security vulnerabilities discovered during inspections should be completely patched.
We recommend you consult a certified MSSP about implementing routine Penetration Testing to simulate how your strategy will execute in practice.
5. Communicate with Everyone
Once you have a fix in place, make sure to contact the relevant federal authorities, who may be able to assist you with the necessary instructions for meeting your industry’s post-breach regulatory criteria.
You must also notify your managers and employees. Establish explicit authorizations for team members to communicate internally and externally about the problem. While your company is recovering from a data breach, being on the same page with your employees is critical.
Lastly, notify your clients. The best course of action is to give them a heads-up so that they can take steps to safeguard their identities, such as canceling credit cards and changing bank account numbers. This may be inconvenient for them, but it’s preferable to being caught off guard by identity theft, and it helps you maintain or even regain consumer confidence. At the end of the day, even if you’re able to contain the cyber-attack, if your company’s reputation is ruined, you won’t be able to do business for much longer.
You should also consider establishing a separate action hotline dedicated to answering queries from affected individuals.
Recovering Your Data
Remember this: when it comes to dealing with the aftermath of a breach, the most important thing is DON’T panic or think you should improvise!
Refer to your business continuity plan or IT provider playbook and address each step accordingly to fully recover.
Restoring your data and/or business email greatly depends on how you prepared for the security breach. Sometimes, simply wiping or replacing the data storage drives of the affected IT assets and downloading any lost data from a backup may be sufficient.
In some cases, you may be able to activate full cloud-based replicas or backups of your network environment to quickly restore your company’s network while you investigate the security incident.
When restoring assets, track and catalog which ones have been removed and which ones have to be on your network based on your most recent asset identification efforts. This way, you can be confident you haven’t missed anything.
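The reconciliation described above can be scripted. This is an added example, not part of the original article: it compares the asset inventory, the list of removed assets and what is currently seen on the network. The hostnames, MAC addresses and category names are constructed for illustration.

```python
import re


def norm_mac(mac):
    """Normalise a MAC to aa:bb:cc:dd:ee:ff so differently formatted sources compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def reconcile(inventory, removed, observed):
    """Compare the asset inventory, the removed list and what is on the network now.

    inventory: {mac: hostname} from the most recent asset identification
    removed:   MACs pulled from the network during containment
    observed:  MACs currently seen on the network (e.g. a switch or DHCP export)
    """
    inv = {norm_mac(m): name for m, name in inventory.items()}
    known = set(inv)
    gone = {norm_mac(m) for m in removed}
    seen = {norm_mac(m) for m in observed}

    def label(macs):
        return sorted(inv.get(m, m) for m in macs)

    return {
        "restored": label((known - gone) & seen),
        "expected_but_missing": label(known - gone - seen),
        "removed_but_online": label(gone & seen),  # containment did not hold
        "unknown_on_network": label(seen - known - gone),
    }


# Constructed sample data; hostnames and MAC addresses are made up.
INVENTORY = {
    "00:1A:2B:3C:4D:01": "file-srv",
    "00:1A:2B:3C:4D:02": "mail-srv",
    "00:1A:2B:3C:4D:03": "hr-laptop",
    "00:1A:2B:3C:4D:04": "pos-terminal",
}
REMOVED = ["00-1a-2b-3c-4d-02", "001a.2b3c.4d03"]
OBSERVED = ["00:1a:2b:3c:4d:01", "00:1a:2b:3c:4d:03", "de:ad:be:ef:00:99"]

if __name__ == "__main__":
    for category, assets in reconcile(INVENTORY, REMOVED, OBSERVED).items():
        print(f"{category}: {assets}")
```

Anything listed under `removed_but_online` or `unknown_on_network` needs attention before you treat the restore as complete.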
Something else to remember: your data is only as good and secure as the last time it was tested or backed up. At minimum, you should have a yearly routine in place to test your backups in case you need to use them.
Getting Breached Even with an IT Provider?
When you have a solid team of IT professionals, it’s easy to assume that your business will not fall victim to any kind of cyberattack. But unfortunately, foolproof cybersecurity techniques don’t exist. Cybercriminals will always find a way to take advantage of poor cybersecurity hygiene and weak defenses.
While a data breach can put your company out of business, having an effective response plan may be the difference between sinking or swimming. A recovery plan that prioritizes mission-critical data, minimizes downtime, and protects your most sensitive data should be part of your cybersecurity strategy.
For your peace of mind during and after the breach, you should also ask your IT provider the following questions:
During the Breach
- Was any customer data lost or compromised?
- What data was compromised?
- Is the data breach still happening?
- Have you established a defensible path?
- Was the data breach malicious or accidental? Who is responsible for it?
After the Breach
- What about encryption?
- Have you implemented a crisis communication strategy?
- Have you notified your outside counsel?
- Have you put your data breach response strategy to the test?
- Can future data breaches be prevented? How?
If you ask your IT provider these questions and they can’t immediately answer them or need a long time to draft up what their plan would be, perhaps it’s best to rethink your business relationship.
How can I Prevent Future Breaches?
Sometimes, it’s the small things that matter. Stay ahead of hackers by taking proactive steps to secure your data. Here are some strategies to help protect your business from being victimized by cybercriminals:
- Make sure all employees know their email security tips. If they open files or click links in emails from senders they don’t know, they must notify their IT department immediately so that the professionals can ensure malware hasn’t been triggered and released.
- In response to an email or phone contact, do not reveal usernames, passwords, birth dates, social security numbers, financial data, or other sensitive information.
- Implement a strict Password Policy; use different passwords for different accounts, and mandate password changes on a routine basis.
Be Proactive, Not Reactive
It might be cliché, but the truth is that prevention will always be better than cure. As technology continues to evolve, so will the techniques used by hackers and cybercriminals. So be one step ahead of them with a team of trusted IT advisors!
If you’re unsure of your security’s vulnerabilities, there is no better time than now to request a free cybersecurity audit. Contact Nerds Support, and we’ll review your system for any vulnerabilities, so they can be addressed to help reduce the risk of cyber-attacks.