What is a security breach?
According to NIST, a security breach or cyber breach is “An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or that constitutes a violation or imminent threat of violating security policies, security procedures, or acceptable use policies.”
In plain English, a security breach is a successful attempt to gain unauthorized access to a company’s computer systems. So what should a company do to prevent a future security breach?
How to prevent a security breach?
WORK ON A DATA BREACH RESPONSE PLAN. A data breach response plan is a course of action intended to reduce the risk of unauthorized data access and to mitigate the damage caused if a breach does occur.
The plan could include:
- Who will be responsible?
- The initial steps the organization takes to secure the data
- Commissioning an IR specialist who handles the technical part
- Reporting on the development of the situation
- A communication plan for the relevant people in the firm and third parties
- Feedback on the lessons learned and what to do in the future
But what happens if I have already had a security breach, or I suspect that a security incident is happening at my company? Don’t worry, we’ve got you covered.
How to respond to a security breach? Or what should a company do after a data breach?
First, you need to answer the question “Has your company established a data breach response plan?” If not, here are some steps to follow to establish an incident management plan that covers your data:
- Stop blaming and assemble a task force: There is no time for blame-shifting. You need to construct a response protocol to help people focus in what can be a high-pressure situation, and your incident management plan should follow this protocol. Include representatives from all important departments, including IT, to trace and deal with any technical flaws that led to the security incident.
- Focus on Containment: Take the time to do all these tasks:
– Installing patches to resolve viruses
– Resetting passwords for user accounts that may have been compromised, and advising users to change the password on other accounts where they use the same one and to enable 2FA
– Disabling network access for computers known to be infected by viruses or other malware
– Deleting information, for example by recalling emails, asking unintended recipients to destroy copies, or disabling links that have been mistakenly posted
- Analyze the severity of the breach: Try to identify who and what has been affected, and how the information could be used against the victims. Also determine whether there has been deliberate hacking rather than an inadvertent breach of security.
- Proactive notification: This is always the right strategy. Victims should know that their information has been compromised so that they can protect themselves. Other third parties may also need to be notified. Staff should be told how to deal with any inquiries from clients, press, or third parties, and to whom to escalate questions.
- Prevention: Determine with a cybersecurity audit whether your security practices can be improved. Engage a data security expert, who will give you a fresh perspective on your existing practices and help to reassure customers and others that you do business with.